NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON |
|
|
PAM_LOGINUID(8) Linux-PAM Manual PAM_LOGINUID(8)
pam_loginuid - Record user's login uid to the process attribute
pam_loginuid.so [require_auditd]
The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to.
require_auditd This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running.
Only the session module type is provided.
PAM_SUCCESS The loginuid value is set and auditd is running if check requested. PAM_IGNORE The /proc/self/loginuid file is not present on the system or the login process runs inside uid namespace and kernel does not support overwriting loginuid. PAM_SESSION_ERR Any other error prevented setting loginuid or auditd is not running.
#%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so
pam.conf(5), pam.d(5), pam(8), auditctl(8), auditd(8)
pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>
This page is part of the linux-pam (Pluggable Authentication
Modules for Linux) project. Information about the project can be
found at ⟨http://www.linux-pam.org/⟩. If you have a bug report
for this manual page, see ⟨//www.linux-pam.org/⟩. This page was
obtained from the project's upstream Git repository
⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22. (At
that time, the date of the most recent commit that was found in
the repository was 2023-12-18.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
Linux-PAM Manual 12/22/2023 PAM_LOGINUID(8)
Pages that refer to this page: audit_setloginuid(3), ausearch(8), pam_systemd(8)