The group service module for PAM accepts or rejects users based on their membership in a particular file group.

pam_group provides functionality for two PAM categories: authentication and account management. In terms of the module-type parameter, they are the "auth" and "account" features.

The following options may be passed to the pam_group module:

deny
    Reverse the meaning of the test, i.e., reject the applicant if and only if he or she is a member of the specified group. This can be useful to exclude certain groups of users from certain services.

fail_safe
    If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member.

group=groupname
    Specify the name of the group to check. The default is "wheel".

luser
    Accept or reject based on the target user's group membership.

root_only
    Skip this module entirely if the target account is not the superuser account.

ruser
    Accept or reject based on the supplicant's group membership. This is the default.

Note that the luser and ruser options are mutually exclusive, and that pam_group will fail if both are specified.
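
The option semantics described above, modeled as a small Python function so the interactions between options can be checked. This is an added example, not pam_group's source code; the Verdict labels, the `groups` mapping, the sample users, the evaluation order and treating "root" as the superuser account are assumptions made for illustration.

```python
from enum import Enum

class Verdict(Enum):              # hypothetical labels, not PAM return codes
    ACCEPT = "accept"
    REJECT = "reject"
    SKIP = "skip"                 # root_only: the module takes no part
    FAIL = "fail"                 # luser and ruser given together

def parse_options(argv):
    """Turn module arguments such as ["deny", "group=staff"] into a dict."""
    opts = {}
    for arg in argv:
        key, _, value = arg.partition("=")
        opts[key] = value or True
    return opts

def pam_group_model(argv, applicant, target, groups, superuser="root"):
    """Decide as the option descriptions read; groups maps name -> member set."""
    opts = parse_options(argv)
    if "luser" in opts and "ruser" in opts:
        return Verdict.FAIL                       # mutually exclusive options
    if "root_only" in opts and target != superuser:
        return Verdict.SKIP
    subject = target if "luser" in opts else applicant   # ruser is the default
    group = opts.get("group")
    members = groups.get(group if isinstance(group, str) else "wheel")
    if members:
        is_member = subject in members
    else:                                         # group missing or has no members
        is_member = "fail_safe" in opts
    passes = is_member != ("deny" in opts)        # deny reverses the test
    return Verdict.ACCEPT if passes else Verdict.REJECT

# Constructed sample data: group name -> set of member names.
GROUPS = {"wheel": {"alice"}, "guests": {"mallory"}, "empty": set()}

if __name__ == "__main__":
    cases = [
        (["root_only", "fail_safe", "ruser"], "alice", "root"),
        (["root_only", "fail_safe", "ruser"], "bob", "root"),
        (["group=ops", "fail_safe"], "bob", "root"),          # no such group
        (["group=ops", "fail_safe", "deny"], "bob", "root"),
        (["group=guests", "deny"], "mallory", "root"),
        (["luser", "ruser"], "alice", "root"),
    ]
    for argv, applicant, target in cases:
        verdict = pam_group_model(argv, applicant, target, GROUPS)
        print(f"{' '.join(argv):32} {applicant:8} -> {target:5} {verdict.value}")
```

Under this reading of the option descriptions, combining fail_safe with deny rejects every applicant when the group is missing or empty, while deny alone accepts every applicant in that case.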