pam_loginuid(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON

PAM_LOGINUID(8)             Linux-PAM Manual             PAM_LOGINUID(8)

NAME         top

       pam_loginuid - Record user's login uid to the process attribute

SYNOPSIS         top


       pam_loginuid.so [require_auditd]

DESCRIPTION         top

       The pam_loginuid module sets the loginuid process attribute for
       the process that was authenticated. This is necessary for
       applications to be correctly audited. This PAM module should only
       be used for entry point applications like: login, sshd, gdm,
       vsftpd, crond and atd. There are probably other entry point
       applications besides these. You should not use it for
       applications like sudo or su as that defeats the purpose by
       changing the loginuid to the account they just switched to.

OPTIONS         top

       require_auditd
           This option, when given, will cause this module to query the
           audit daemon status and deny logins if it is not running.

MODULE TYPES PROVIDED         top

       Only the session module type is provided.

RETURN VALUES         top

       PAM_SUCCESS
           The loginuid value is set and auditd is running if check
           requested.

       PAM_IGNORE
           The /proc/self/loginuid file is not present on the system or
           the login process runs inside uid namespace and kernel does
           not support overwriting loginuid.

       PAM_SESSION_ERR
           Any other error prevented setting loginuid or auditd is not
           running.

EXAMPLES         top

           #%PAM-1.0
           auth       required     pam_unix.so
           auth       required     pam_nologin.so
           account    required     pam_unix.so
           password   required     pam_unix.so
           session    required     pam_unix.so
           session    required     pam_loginuid.so

SEE ALSO         top

       pam.conf(5), pam.d(5), pam(8), auditctl(8), auditd(8)

AUTHOR         top

       pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication
       Modules for Linux) project.  Information about the project can be
       found at ⟨http://www.linux-pam.org/⟩.  If you have a bug report
       for this manual page, see ⟨//www.linux-pam.org/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-18.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

Linux-PAM Manual               12/22/2023                PAM_LOGINUID(8)

Pages that refer to this page: audit_setloginuid(3)ausearch(8)pam_systemd(8)