author Sergey Poznyakoff <gray@gnu.org.ua> 2014-05-06 17:24:58 +0300
committer Sergey Poznyakoff <gray@gnu.org.ua> 2014-05-06 17:24:58 +0300
commit 0c37dfded3f1208bb1fa4ff06dd30ac5ff522308
tree 30095b6536d0f9aa0f28e6a8b3480a2dd0c5343d /doc
parent 43427d51405bbda49f8f86e0a5426940a6fb578a
New module: pam_groupmember
* Makefile.am: Add pam_groupmember.
* configure.ac: Likewise.
* NEWS: Update.
* pam_groupmember/Makefile.am: New file.
* pam_groupmember/pam_groupmember.c: New file,
* doc/Makefile.am: Add pam_groupmember.8
* doc/pam-modules.texi: Document pam_groupmember
* doc/pam_groupmember.8: New file.
* lib/graypam.h (gray_calloc, gray_strdup): New protos.
* lib/mem.c (gray_calloc, gray_strdup): New functions.
Diffstat (limited to 'doc')
-rw-r--r-- doc/Makefile.am 3
-rw-r--r-- doc/pam-modules.texi 46
-rw-r--r-- doc/pam_groupmember.8 125
3 files changed, 174 insertions, 0 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am
index d42be90..e792390 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -39,6 +39,9 @@ endif
if PAM_COND_PGSQL
dist_man_MANS += pam_pgsql.8
endif
+if PAM_COND_GROUPMEMBER
+ dist_man_MANS += pam_groupmember.8
+endif
config.so: $(top_srcdir)/configure.ac $(top_srcdir)/doc/Makefile.am
$(AM_V_GEN){\
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 28043f4..a0578da 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -34,6 +34,7 @@
* pam_ldaphome (pam-modules)ldaphome Maintain home directories and
SSH keys od LDAP users.
* pam_umotd (pam-modules)umotd Display a user-specific MOTD.
+* pam_groupmember (pam_modules)groupmember Test group membership.
* pamck: (pam-modules)pamck. Verify PAM Access.
@end direntry
@end ifinfo
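Review bot: The added direntry line names the Info file as `(pam_modules)` with an underscore, while the neighbouring entries in this block all use `(pam-modules)`. As written, the directory entry points at a file name that does not match this manual; change it to `(pam-modules)groupmember`.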
@@ -85,6 +86,7 @@ Individual modules
* sql:: Modules for SQL authentication and session management.
* ldaphome:: Maintain home directories and SSH keys of LDAP users.
* umotd:: Display a user-specific MOTD.
+* groupmember:: Test group membership.
* Reporting Bugs:: How to Report a Bug.
@@ -1453,6 +1455,50 @@ Exit immediately if the 5-minute load average is greater than or equal
to @var{d} (a floating-point number).
@end table
+@node groupmember
+@chapter pam_groupmember
+@set MODULE pam_umotd
+@cindex groupmember
+@cindex group membership
+@cindex test group membership
+
+The @command{pam_groupmember} module checks whether the user is member
+of one or more groups. Both primary and supplementary groups are
+checked. The list of groups to be checked is given with the
+@option{groups} option. Its argument is a comma-separated list of
+group names of numeric IDs, prefixed with @samp{+} sign.
+
+The module returns PAM_SUCCESS if the user is member of one of the
+supplied groups and PAM_AUTH_ERR on otherwise. The return value can
+be inverted using the @option{sense=deny} option.
+
+Additionally, the module can return PAM_USER_UNKNOWN if the user is
+not known and PAM_AUTHINFO_UNAVAIL if unable to retrieve the user
+name.
+
+The @command{pam_groupmember} module can be used in any PAM service stack.
+
+@menu
+* summary of pam_groupmember options::
+@end menu
+
+@node summary of pam_groupmember options
+@section Summary of @command{pam_groupmember} options
+
+@table @option
+@opsummary{groups}
+@item groups=@var{group-list}
+Defines groups to check against. The argument is a comma-separated
+list of group names or IDs. Group IDs must be prefixed with a plus
+sign.
+
+@opsummary{sense}
+@item sense=@{allow|deny@}
+ What to do on success. The value @samp{allow} means to return
+@code{PAM_SUCCESS}, @samp{deny} means to return @code{PAM_AUTH_ERR}.
+Default is @samp{allow}.
+@end table
+
@node Reporting Bugs
@chapter How to Report a Bug
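Review bot: `@set MODULE pam_umotd` at the top of the new chapter looks carried over from the preceding chapter and should read `@set MODULE pam_groupmember`, since the `@opsummary` entries below are written under that setting. In the same chapter, "group names of numeric IDs" should be "group names or numeric IDs" and "PAM_AUTH_ERR on otherwise" should drop the "on". The `sense` item says only "What to do on success", which leaves the deny case underspecified for an access-control module: state what is returned for a user who is not in any listed group when `sense=deny` is set, and whether PAM_USER_UNKNOWN and PAM_AUTHINFO_UNAVAIL are affected by the inversion. It would also help to say how a listed group that does not exist on the system is treated.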
diff --git a/doc/pam_groupmember.8 b/doc/pam_groupmember.8
new file mode 100644
index 0000000..243cefb
--- /dev/null
+++ b/doc/pam_groupmember.8
@@ -0,0 +1,125 @@
+.\" This file is part of PAM-Modules -*- nroff -*-
+.\" Copyright (C) 2001-2014 Sergey Poznyakoff
+.\"
+.\" PAM-Modules is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" PAM-Modules is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
+.TH PAM_GROUPMEMBER 8 "May 6, 2014" "PAM-MODULES" "Pam-Modules User Reference"
+.SH NAME
+pam_groupmember \- test group membership
+.SH SYNOPSIS
+.nh
+.na
+\fBpam_groupmember\fR\
+ \fBgroups=\fIGROUPLIST\fR\
+ [\fBsense=\fISENSE\fR]\
+ [\fBdebug\fR[\fB=\fINUMBER\fR]]\
+ [\fBwaitdebug\fR]\
+ [\fBaudit\fR]
+.ad
+.hy
+.SH DESCRIPTION
+Tests if the user is member of at least one group from
+\fIGROUPLIST\fR. \fIGROUPLIST\fR is a comma-separated list of
+group names or IDs (numbers prefixed with a plus sign).
+.SH OPTIONS
+.TP
+\fBgroups=\fIGROUPLIST\fR
+Defines a list of groups to check against. \fIGROUPLIST\fR is a
+comma-separated list of group names. A group name prefixed with a
+plus sign is treated as GID number.
+.TP
+\fBsense=allow\fR|\fBdeny\fR
+What to do if the user name matches the expression given by the
+\fBregex\fR option. The value \fBallow\fR (the default) instructs the
+module to return \fBPAM_SUCCESS\fR, the \fBdeny\fR instructs it to
+return \fBPAM_AUTH_ERR\fR.
+.TP
+\fBdebug\fR[\fB=\fINUMBER\fR]
+Set debugging level (0 <= \fINUMBER\fR <= 100).
+.TP
+\fBaudit\fR
+Log auditing information.
+.TP
+\fBwaitdebug=\fIN\fR
+Wait for \fIN\fR seconds before starting up. This option is intended
+to facilitate attaching to the module with
+.BR gdb (1).
+It is available only if the package was configured with
+the \fB\-\-enable\-debug\fR option.
+.SH MODULE TYPES PROVIDED
+All module types (\fBaccount\fR, \fBauth\fR, \fBpassword\fR and
+\fBsession\fR) are provided.
+.SH RETURN VALUES
+.TP
+.B PAM_SUCCESS
+Successful return.
+.TP
+.B PAM_AUTH_ERR
+Authentication failed.
+.TP
+.B PAM_AUTHINFO_UNAVAIL
+The input information is not sufficient.
+.TP
+.B PAM_USER_UNKNOWN
+Supplied username not found.
+.SH EXAMPLES
+auth required pam_groupmember.so groups=users,+80,ftp
+.SH NOTE
+This manpage is a short description of \fBpam_groupmember\fR. For a detailed
+discussion, including examples and usage recommendations, refer to the
+\fBPAM-modules Manual\fR available in texinfo format. If the \fBinfo\fR
+reader and the tar documentation are properly installed on your
+system, the command
+.PP
+.RS +4
+.B info pam-modules
+.RE
+.PP
+should give you access to the complete manual.
+.PP
+You can also view the manual using the info mode in
+.BR emacs (1),
+or find it in various formats online at
+.PP
+.RS +4
+.B http://www.gnu.org.ua/software/pam-modules/manual
+.RE
+.PP
+If any discrepancies occur between this manpage and the
+\fBPAM-modules Manual\fR, the later shall be considered the authoritative
+source.
+.SH "SEE ALSO"
+.BR pam.conf (5),
+.BR pam.d (5),
+.BR pam (8).
+.SH AUTHORS
+Sergey Poznyakoff <gray@gnu.org>
+.SH "BUG REPORTS"
+Report bugs to <bug\-pam\-modules@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2001-2014 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
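Review bot: The `sense` entry under OPTIONS describes a different module: it reads "if the user name matches the expression given by the regex option", but the SYNOPSIS of this page has no `regex` option and the DESCRIPTION is about group membership. Reword it in terms of the user being a member of a group in GROUPLIST, and state the result for both `allow` and `deny` when the user is not a member, so that an administrator writing a stack line can tell which way the check fails. Smaller points in the same file: SYNOPSIS lists `[waitdebug]` without an argument while OPTIONS documents `waitdebug=N`; the `groups` entry calls GROUPLIST "a comma-separated list of group names" where DESCRIPTION says "group names or IDs"; the NOTE section refers to "the tar documentation"; and "the later" should be "the latter".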
