1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav 3.\" All rights reserved. 4.\" 5.\" Portions of this software were developed for the FreeBSD Project by 6.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 7.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 8.\" ("CBOSS"), as part of the DARPA CHATS research program. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 3. The name of the author may not be used to endorse or promote 19.\" products derived from this software without specific prior written 20.\" permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.Dd July 19, 2014 35.Dt PAM_GROUP 8 36.Os 37.Sh NAME 38.Nm pam_group 39.Nd Group PAM module 40.Sh SYNOPSIS 41.Op Ar service-name 42.Ar module-type 43.Ar control-flag 44.Pa pam_group 45.Op Ar arguments 46.Sh DESCRIPTION 47The group service module for PAM accepts or rejects users based on 48their membership in a particular file group. 49.Nm pam_group 50provides functionality for two PAM categories: authentication and 51account management. 52In terms of the module-type parameter, they are the ``auth'' and 53``account'' features. 54.Pp 55The following options may be passed to the 56.Nm 57module: 58.Bl -tag -width ".Cm fail_safe" 59.It Cm deny 60Reverse the meaning of the test, i.e., reject the applicant if and only 61if he or she is a member of the specified group. 62This can be useful to exclude certain groups of users from certain 63services. 64.It Cm fail_safe 65If the specified group does not exist, or has no members, act as if 66it does exist and the applicant is a member. 67.It Cm group Ns = Ns Ar groupname 68Specify the name of the group to check. 69The default is 70.Dq Li wheel . 71.It Cm luser 72Accept or reject based on the target user's group membership. 73.It Cm root_only 74Skip this module entirely if the target account is not the superuser 75account. 76.It Cm ruser 77Accept or reject based on the supplicant's group membership. 78This is the default. 79.El 80.Pp 81Note that the 82.Cm luser 83and 84.Cm ruser 85options are mutually exclusive, and that 86.Nm 87will fail if both are specified. 88.Sh SEE ALSO 89.Xr pam 3 , 90.Xr pam.conf 5 91.Sh AUTHORS 92The 93.Nm 94module and this manual page were developed for the 95.Fx 96Project by 97ThinkSec AS and NAI Labs, the Security Research Division of Network 98Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 99.Pq Dq CBOSS , 100as part of the DARPA CHATS research program. 101