man7.org > Linux > man-pages

Linux/UNIX system programming training

pam_rootok(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON 

PAM_ROOTOK(8)               Linux-PAM Manual               PAM_ROOTOK(8)

NAME         top

       pam_rootok - Gain only root access

SYNOPSIS         top


       pam_rootok.so [debug]

DESCRIPTION         top

       pam_rootok is a PAM module that authenticates the user if their
       UID is 0. Applications that are created setuid-root generally
       retain the UID of the user but run with the authority of an
       enhanced effective-UID. It is the real UID that is checked.

OPTIONS         top

       debug
           Print debug information.

MODULE TYPES PROVIDED         top

       The auth, account and password module types are provided.

RETURN VALUES         top

       PAM_SUCCESS
           The UID is 0.

       PAM_AUTH_ERR
           The UID is not 0.

EXAMPLES         top

       In the case of the su(1) application the historical usage is to
       permit the superuser to adopt the identity of a lesser user
       without the use of a password. To obtain this behavior with PAM
       the following pair of lines are needed for the corresponding
       entry in the /etc/pam.d/su configuration file:

           # su authentication. Root is granted access by default.
           auth  sufficient   pam_rootok.so
           auth  required     pam_unix.so

SEE ALSO         top

       su(1), pam.conf(5), pam.d(5), pam(8)

AUTHOR         top

       pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication
       Modules for Linux) project.  Information about the project can be
       found at ⟨http://www.linux-pam.org/⟩.  If you have a bug report
       for this manual page, see ⟨//www.linux-pam.org/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/linux-pam/linux-pam.git⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-18.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

Linux-PAM Manual               12/22/2023                  PAM_ROOTOK(8)

HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI