{ "content": [ { "type": "text", "text": "# PAM_WHEEL (man)\n\n## NAME\n\npamwheel - Only permit root access to members of group wheel\n\n## SYNOPSIS\n\npamwheel.so [debug] [deny] [group=name] [rootonly] [trust]\n\n## DESCRIPTION\n\nThe pamwheel PAM module is used to enforce the so-called wheel group. By default it permits\naccess to the target user if the applicant user is a member of the wheel group. If no group\nwith this name exist, the module is using the group with the group-ID 0.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (3 subsections)\n- **MODULE TYPES PROVIDED**\n- **RETURN VALUES**\n- **EXAMPLES**\n- **SEE ALSO**\n- **AUTHOR**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "PAM_WHEEL", "section": "", "mode": "man", "summary": "pamwheel - Only permit root access to members of group wheel", "synopsis": "pamwheel.so [debug] [deny] [group=name] [rootonly] [trust]", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [ "The root account gains access by default (rootok), only wheel members can become root (wheel)", "but Unix authenticate non-root applicants.", "su auth sufficient pamrootok.so", "su auth required pamwheel.so", "su auth required pamunix.so" ], "see_also": [ { "name": "pam.conf", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/pam.conf/5/json" }, { "name": "pam.d", "section": "5", "url": "https://www.chedong.com/phpMan.php/man/pam.d/5/json" }, { "name": "pam", "section": "7", "url": "https://www.chedong.com/phpMan.php/man/pam/7/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 4, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "debug", "lines": 2 }, { "name": "deny", "lines": 12 }, { "name": "trust", "lines": 4 } ] }, { "name": "MODULE TYPES PROVIDED", "lines": 2, "subsections": [] }, { "name": "RETURN VALUES", "lines": 21, "subsections": [] }, { "name": "EXAMPLES", "lines": 9, "subsections": [] }, { "name": "SEE ALSO", "lines": 2, "subsections": [] }, { "name": "AUTHOR", "lines": 5, "subsections": [] } ], "sections": { "NAME": { "content": "pamwheel - Only permit root access to members of group wheel\n", "subsections": [] }, "SYNOPSIS": { "content": "pamwheel.so [debug] [deny] [group=name] [rootonly] [trust]\n", "subsections": [] }, "DESCRIPTION": { "content": "The pamwheel PAM module is used to enforce the so-called wheel group. By default it permits\naccess to the target user if the applicant user is a member of the wheel group. If no group\nwith this name exist, the module is using the group with the group-ID 0.\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "debug", "content": "Print debug information.\n" }, { "name": "deny", "content": "Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is\na member of the wheel group (or the group of the group option), deny access. Conversely,\nif the user is not in the group, return PAMIGNORE (unless trust was also specified, in\nwhich case we return PAMSUCCESS).\n\ngroup=name\nInstead of checking the wheel or GID 0 groups, use the name group to perform the\nauthentication.\n\nrootonly\nThe check for wheel membership is done only when the target user UID is 0.\n" }, { "name": "trust", "content": "The pamwheel module will return PAMSUCCESS instead of PAMIGNORE if the user is a\nmember of the wheel group (thus with a little play stacking the modules the wheel members\nmay be able to su to root without being prompted for a passwd).\n" } ] }, "MODULE TYPES PROVIDED": { "content": "The auth and account module types are provided.\n", "subsections": [] }, "RETURN VALUES": { "content": "PAMAUTHERR\nAuthentication failure.\n\nPAMBUFERR\nMemory buffer error.\n\nPAMIGNORE\nThe return value should be ignored by PAM dispatch.\n\nPAMPERMDENY\nPermission denied.\n\nPAMSERVICEERR\nCannot determine the user name.\n\nPAMSUCCESS\nSuccess.\n\nPAMUSERUNKNOWN\nUser not known.\n", "subsections": [] }, "EXAMPLES": { "content": "The root account gains access by default (rootok), only wheel members can become root (wheel)\nbut Unix authenticate non-root applicants.\n\nsu auth sufficient pamrootok.so\nsu auth required pamwheel.so\nsu auth required pamunix.so\n\n\n", "subsections": [] }, "SEE ALSO": { "content": "pam.conf(5), pam.d(5), pam(7)\n", "subsections": [] }, "AUTHOR": { "content": "pamwheel was written by Cristian Gafton .\n\n\n\nLinux-PAM Manual 06/08/2020 PAMWHEEL(8)", "subsections": [] } } } }