pam_groupnet - join/create a specific network namespace at login
Description
The pam_groupnet PAM module allows each user in a groupnet group to join a specific network namespace.
If the specified network namespace exists, PAM runs the user's shell in that namespace. If such a namespace
does not exist, it is created during the login process.
The system administrator can specify the network namespace to join by creating groups starting with
groupnet-. The text written after the dash will be used as the network namespace name to join or create.
Users will join the network namespace at login.
If a user is part of multiple groups starting with groupnet-, the first one that matches is used. Group
testing order is as returned by getgrouplist(3).
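To check in advance which namespace an account would land in, the matching rule above can be reproduced outside PAM. This is an added example, not code from pam_groupnet: the function names are hypothetical, and skipping an empty suffix (a group named exactly groupnet-) is this example's assumption.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Documented rule: the first group named "<base>-<suffix>" wins and <suffix>
 * is the namespace name; base is "groupnet" unless group= overrides it.
 * Assumption of this example: an empty suffix is not treated as a match. */
const char *netns_from_groups(const char *const *names, size_t n, const char *base)
{
    size_t blen = strlen(base);
    for (size_t i = 0; i < n; i++) {
        const char *g = names[i];
        if (g && strncmp(g, base, blen) == 0 && g[blen] == '-' && g[blen + 1] != '\0')
            return g + blen + 1;
    }
    return NULL;   /* no match: the case documented as PAM_IGNORE */
}

/* Resolve a real account in getgrouplist(3) order. Returns 0 and fills out
 * (empty string when no group matches), or -1 on lookup failure. */
int netns_for_user(const char *user, const char *base, char *out, size_t outlen)
{
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;
    gid_t primary = pw->pw_gid; int ng = 0;
    getgrouplist(user, primary, NULL, &ng);   /* first call only reports the count */
    gid_t *gids = malloc((size_t)(ng > 0 ? ng : 1) * sizeof *gids);
    if (!gids || getgrouplist(user, primary, gids, &ng) == -1) { free(gids); return -1; }
    out[0] = '\0';
    for (int i = 0; i < ng; i++) {
        struct group *gr = getgrgid(gids[i]);
        const char *one = gr ? gr->gr_name : NULL;
        const char *ns = netns_from_groups(&one, 1, base);
        if (ns) { snprintf(out, outlen, "%s", ns); break; }
    }
    free(gids);
    return 0;
}

int main(int argc, char **argv)
{
    char ns[256];
    if (argc < 2 || netns_for_user(argv[1], "groupnet", ns, sizeof ns) != 0) return 1;
    printf("%s -> %s\n", argv[1], ns[0] ? ns : "(no groupnet-* group)");
    return 0;
}
```

Running it for an account that sits in several groupnet-* groups shows which one takes effect, which is worth checking before relying on group membership to isolate a user.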
Examples
Add the following line to /etc/pam.d/sshd or /etc/pam.d/login:
session required pam_groupnet.so
Name
pam_groupnet - join/create a specific network namespace at login
Options
group=groupname
The module operates on users in groups starting with groupname- instead of groupnet-.
lodown
Leave the localhost lo interface in the DOWN state.
rootshared
Leave the root filesystem / as shared so mounts can propagate out to the parent namespace. Warning:
this feature can create security vulnerabilities if not properly used.
Return Values
PAM_IGNORE
User does not belong to any groupnet-* group.
PAM_ABORT
Error in retrieving the user id or in the namespace creation/joining.
PAM_SUCCESS
Success.
See Also
pam.conf(5), pam.d(5), pam(7)
Synopsis
pam_groupnet.so
