PAM_LOCALUSER(8) Linux-PAM Manual PAM_LOCALUSER(8)NAME
pam_localuser - require users to be listed in /etc/passwd
SYNOPSIS
pam_localuser.so [debug] [file=/path/passwd]
DESCRIPTION
pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users
and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to
restrict access to either local users and/or a subset of the network's users.
This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been
separated out.
OPTIONS
debug
Print debug information.
file=/path/passwd
Use a file other than /etc/passwd.
MODULE TYPES PROVIDED
All module types (account, auth, password and session) are provided.
RETURN VALUES
PAM_SUCCESS
The new localuser was set successfully.
PAM_SERVICE_ERR
No username was given.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
Add the following line to /etc/pam.d/su to allow only local users in group wheel to use su.
account sufficient pam_localuser.so
account required pam_wheel.so
FILES
/etc/passwd
Local user account information.
SEE ALSO pam.conf(5), pam.d(5), pam(8)AUTHOR
pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
Linux-PAM Manual 09/19/2013 PAM_LOCALUSER(8)
Check Out this Related Man Page
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)NAME
pam_wheel - Only permit root access to members of group wheel
SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.
root_only
The check for wheel membership is done only.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play
stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
MODULE TYPES PROVIDED
The auth and account module types are provided.
RETURN VALUES
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM dispatch.
PAM_PERM_DENY
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
SEE ALSO pam.conf(5), pam.d(5), pam(7)AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
Linux-PAM Manual 05/31/2011 PAM_WHEEL(8)
I'm trying to write a script which prints out the users who are loged in.
Printing the output of the "users" command isn't the problem. What I want is to filter out my own username.
users | grep -v (username)
does not work because the whole line in which username exists is suppressed.
If... (5 Replies)
Hi there,
I have more that 300 servers that I need to updated the comments field on /etc/passwd for users that have a blank comments fields. The users have accounts on different servers. I have created a list of these users on a text file called update_passwd.txt.
I need a script that will... (6 Replies)
Greetings Forumers!
I have created several Application accounts on servers that run cron jobs but should not allow direct logins. These accounts have a password set but have been modified with 'passwd -N'.
Now my users are complaining that they cannot become that application account with... (3 Replies)
This command prints out username/users in /etc/passwd:
cut -d ':' -f '1,5' /etc/passwd | sort
I wonder if I also, after above commands output, can get an output that lists number of users in the group? I need to use uniq to get rid of duplicates.
I´ve tried this, but cant get it right, can... (5 Replies)
hi seniors
i want to create the users like when the user try to login it should not
should not promt for passwd is it possible to create users like this
please help me (6 Replies)
Hello Experts,
Guide me how to add new users (user id , passwd) in unix/Linux with different privileges
like -->
1> It can be accessible by telnet (or where i should check/change to give different privileges like telnet or ssh2 or FTP)
2> can run only 1 command / script (2 Replies)
Hi
I wanted to convert my pam libraries to 64 bit. so recently compiled my pam_banner and pam_wheel to 64 bit.
I got the following error...
sshd: dlsym failed pam_sm_authenticate:error ld.so.1 : sshd fatal: pam_sm_authenticate: can't find symbol
thnaks (8 Replies)
I've got a number of RHEL systems and I'm trying to use awk to read and format the output of /etc/passwd. But I'd like to display the host name of the system at the beginning of each line of output.
I've got it working without the adding the host name in this script:
#!/bin/bash
... (3 Replies)
Our site is currently "under abuse" from a botnet which is directing a small subset of internet users (not forum users) to a rarely used full page advertising URL and attempting to redirect the user, via that URL to other web sites. This is a kind of "spam" botnet; using a URL redirection... (16 Replies)
Hello and thanks in advance for anyone that can offer me any help with this!
I'm trying to figure out a quick & easy way to see a list of everyone's effective user id... I would have thought 'w' or 'who' would be able to display if someone had switched user accounts... but it's only showing the... (3 Replies)