2
$Id: pam_rootok.sgml,v 1.1.1.2 2002/09/15 20:08:32 hartmans Exp $
4
This file was written by Andrew G. Morgan <morgan@kernel.org>
7
<sect1>The root access module
14
<tag><bf>Module Name:</bf></tag>
17
<tag><bf>Author:</bf></tag>
18
Andrew G. Morgan <morgan@kernel.org>
20
<tag><bf>Maintainer:</bf></tag>
21
<bf>Linux-PAM</bf> maintainer
23
<tag><bf>Management groups provided:</bf></tag>
26
<tag><bf>Cryptographically sensitive:</bf></tag>
28
<tag><bf>Security rating:</bf></tag>
30
<tag><bf>Clean code base:</bf></tag>
33
<tag><bf>System dependencies:</bf></tag>
35
<tag><bf>Network aware:</bf></tag>
39
<sect2>Overview of module
42
This module is for use in situations where the superuser wishes
43
to gain access to a service without having to enter a password.
45
<sect2>Authentication component
50
<tag><bf>Recognized arguments:</bf></tag>
53
<tag><bf>Description:</bf></tag>
55
This module authenticates the user if their <tt/uid/ is <tt/0/.
56
Applications that are created <em/setuid/-root generally retain the
57
<tt/uid/ of the user but run with the authority of an enhanced
58
<em/effective-/<tt/uid/. It is the real <tt/uid/ that is checked.
60
<tag><bf>Examples/suggested usage:</bf></tag>
62
In the case of the <tt/su/ application the historical usage is to
63
permit the superuser to adopt the identity of a lesser user without
64
the use of a password. To obtain this behavior under <tt/Linux-PAM/
65
the following pair of lines are needed for the corresponding entry in
66
the configuration file:
70
# su authentication. Root is granted access by default.
72
su auth sufficient pam_rootok.so
73
su auth required pam_unix_auth.so
78
Note. For programs that are run by the superuser (or started when the
79
system boots) this module should not be used to authenticate users.
84
End of sgml insert for this module.