pam_rootok
Andrew G. Morgan <morgan@parc.power.net>
Linux-PAM maintainer
authentication
Clean.
This module is for use in situations where the superuser wishes to gain access to a service without having to enter a password.
debug
This module authenticates the user if their uid
is 0
.
Applications that are created setuid-root generally retain the
uid
of the user but run with the authority of an enhanced
effective-uid
. It is the real uid
that is checked.
In the case of the su
application the historical usage is to
permit the superuser to adopt the identity of a lesser user without
the use of a password. To obtain this behavior under Linux-PAM
the following pair of lines are needed for the corresponding entry in
the configuration file:
#
# su authentication. Root is granted access by default.
#
su auth sufficient pam_rootok.so
su auth required pam_unix_auth.so
Note. For programs that are run by the superuser (or started when the system boots) this module should not be used to authenticate users.