1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav 3.\" All rights reserved. 4.\" 5.\" Portions of this software were developed for the FreeBSD Project by 6.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 7.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 8.\" ("CBOSS"), as part of the DARPA CHATS research program. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. The name of the author may not be used to endorse or promote 19.\" products derived from this software without specific prior written 20.\" permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.\" $FreeBSD$ 35.\" 36.Dd July 19, 2014 37.Dt PAM_GROUP 8 38.Os 39.Sh NAME 40.Nm pam_group 41.Nd Group PAM module 42.Sh SYNOPSIS 43.Op Ar service-name 44.Ar module-type 45.Ar control-flag 46.Pa pam_group 47.Op Ar arguments 48.Sh DESCRIPTION 49The group service module for PAM accepts or rejects users based on 50their membership in a particular file group. 51.Nm pam_group 52provides functionality for two PAM categories: authentication and 53account management. 54In terms of the module-type parameter, they are the ``auth'' and 55``account'' features. 56.Pp 57The following options may be passed to the 58.Nm 59module: 60.Bl -tag -width ".Cm fail_safe" 61.It Cm deny 62Reverse the meaning of the test, i.e., reject the applicant if and only 63if he or she is a member of the specified group. 64This can be useful to exclude certain groups of users from certain 65services. 66.It Cm fail_safe 67If the specified group does not exist, or has no members, act as if 68it does exist and the applicant is a member. 69.It Cm group Ns = Ns Ar groupname 70Specify the name of the group to check. 71The default is 72.Dq Li wheel . 73.It Cm luser 74Accept or reject based on the target user's group membership. 75.It Cm root_only 76Skip this module entirely if the target account is not the superuser 77account. 78.It Cm ruser 79Accept or reject based on the supplicant's group membership. 80This is the default. 81.El 82.Pp 83Note that the 84.Cm luser 85and 86.Cm ruser 87options are mutually exclusive, and that 88.Nm 89will fail if both are specified. 90.Sh SEE ALSO 91.Xr pam.conf 5 , 92.Xr pam 3 93.Sh AUTHORS 94The 95.Nm 96module and this manual page were developed for the 97.Fx 98Project by 99ThinkSec AS and NAI Labs, the Security Research Division of Network 100Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 101.Pq Dq CBOSS , 102as part of the DARPA CHATS research program. 103