1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" Portions of this software were developed for the FreeBSD Project by 5.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 6.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 7.\" ("CBOSS"), as part of the DARPA CHATS research program. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. The name of the author may not be used to endorse or promote 18.\" products derived from this software without specific prior written 19.\" permission. 20.\" 21.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31.\" SUCH DAMAGE. 32.\" 33.\" $FreeBSD$ 34.\" 35.Dd February 6, 2003 36.Dt PAM_GROUP 8 37.Os 38.Sh NAME 39.Nm pam_group 40.Nd Group PAM module 41.Sh SYNOPSIS 42.Op Ar service-name 43.Ar module-type 44.Ar control-flag 45.Pa pam_group 46.Op Ar arguments 47.Sh DESCRIPTION 48The group service module for PAM accepts or rejects users based on 49their membership in a particular file group. 50.Pp 51The following options may be passed to the 52.Nm 53module: 54.Bl -tag -width ".Cm fail_safe" 55.It Cm deny 56Reverse the meaning of the test, i.e., reject the applicant if and only 57if he or she is a member of the specified group. 58This can be useful to exclude certain groups of users from certain 59services. 60.It Cm fail_safe 61If the specified group does not exist, or has no members, act as if 62it does exist and the applicant is a member. 63.It Cm group Ns = Ns Ar groupname 64Specify the name of the group to check. 65The default is 66.Dq Li wheel . 67.It Cm root_only 68Skip this module entirely if the target account is not the superuser 69account. 70.El 71.Sh SEE ALSO 72.Xr pam.conf 5 , 73.Xr pam 8 74.Sh AUTHORS 75The 76.Nm 77module and this manual page were developed for the 78.Fx 79Project by 80ThinkSec AS and NAI Labs, the Security Research Division of Network 81Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 82.Pq Dq CBOSS , 83as part of the DARPA CHATS research program. 84