xref: /freebsd/lib/libpam/modules/pam_group/pam_group.8 (revision d8a0fe102c0cfdfcd5b818f850eff09d8536c9bc)
1.\" Copyright (c) 2003 Networks Associates Technology, Inc.
2.\" Copyright (c) 2004-2011 Dag-Erling Smørgrav
3.\" All rights reserved.
4.\"
5.\" Portions of this software were developed for the FreeBSD Project by
6.\" ThinkSec AS and NAI Labs, the Security Research Division of Network
7.\" Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
8.\" ("CBOSS"), as part of the DARPA CHATS research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\" 3. The name of the author may not be used to endorse or promote
19.\"    products derived from this software without specific prior written
20.\"    permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.\" $FreeBSD$
35.\"
36.Dd July 19, 2014
37.Dt PAM_GROUP 8
38.Os
39.Sh NAME
40.Nm pam_group
41.Nd Group PAM module
42.Sh SYNOPSIS
43.Op Ar service-name
44.Ar module-type
45.Ar control-flag
46.Pa pam_group
47.Op Ar arguments
48.Sh DESCRIPTION
49The group service module for PAM accepts or rejects users based on
50their membership in a particular file group.
51.Nm pam_group
52provides functionality for two PAM categories: authentication and
53account management.
54In terms of the module-type parameter, they are the ``auth'' and
55``account'' features.
56.Pp
57The following options may be passed to the
58.Nm
59module:
60.Bl -tag -width ".Cm fail_safe"
61.It Cm deny
62Reverse the meaning of the test, i.e., reject the applicant if and only
63if he or she is a member of the specified group.
64This can be useful to exclude certain groups of users from certain
65services.
66.It Cm fail_safe
67If the specified group does not exist, or has no members, act as if
68it does exist and the applicant is a member.
69.It Cm group Ns = Ns Ar groupname
70Specify the name of the group to check.
71The default is
72.Dq Li wheel .
73.It Cm luser
74Accept or reject based on the target user's group membership.
75.It Cm root_only
76Skip this module entirely if the target account is not the superuser
77account.
78.It Cm ruser
79Accept or reject based on the supplicant's group membership.
80This is the default.
81.El
82.Pp
83Note that the
84.Cm luser
85and
86.Cm ruser
87options are mutually exclusive, and that
88.Nm
89will fail if both are specified.
90.Sh SEE ALSO
91.Xr pam.conf 5 ,
92.Xr pam 8
93.Sh AUTHORS
94The
95.Nm
96module and this manual page were developed for the
97.Fx
98Project by
99ThinkSec AS and NAI Labs, the Security Research Division of Network
100Associates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
101.Pq Dq CBOSS ,
102as part of the DARPA CHATS research program.
103