Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PAM_GROUP(8)		FreeBSD	System Manager's Manual		  PAM_GROUP(8)

     pam_group -- Group	PAM module

     [service-name] module-type	control-flag pam_group [arguments]

     The group service module for PAM accepts or rejects users based on	their
     membership	in a particular	file group.  pam_group provides	functionality
     for two PAM categories: authentication and	account	management.  In	terms
     of	the module-type	parameter, they	are the	``auth'' and ``account'' fea-

     The following options may be passed to the	pam_group module:

     deny	Reverse	the meaning of the test, i.e., reject the applicant if
		and only if he or she is a member of the specified group.
		This can be useful to exclude certain groups of	users from
		certain	services.

     fail_safe	If the specified group does not	exist, or has no members, act
		as if it does exist and	the applicant is a member.

		Specify	the name of the	group to check.	 The default is

     luser	Accept or reject based on the target user's group membership.

     root_only	Skip this module entirely if the target	account	is not the su-
		peruser	account.

     ruser	Accept or reject based on the supplicant's group membership.
		This is	the default.

     Note that the luser and ruser options are mutually	exclusive, and that
     pam_group will fail if both are specified.

     pam.conf(5), pam(8)

     The pam_group module and this manual page were developed for the FreeBSD
     Project by	ThinkSec AS and	NAI Labs, the Security Research	Division of
     Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
     ("CBOSS"),	as part	of the DARPA CHATS research program.

FreeBSD	13.0			 July 19, 2014			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help