logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

pam_group - PAM module for group access

Contents

Authors

       pam_group was written by Andrew G. Morgan <morgan@kernel.org>.

Linux-PAM                                          07/03/2025                                       PAM_GROUP(8)

Description

       The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the
       credential setting phase of the authentication module) to the user. Such memberships are based on the
       service they are applying for.

       By default rules for group memberships are taken from config file /etc/security/group.conf.

       This module's usefulness relies on the file-systems accessible to the user. The point being that once
       granted the membership of a group, the user may attempt to create a setgid binary with a restricted group
       ownership. Later, when the user is not given membership to this group, they can recover group membership
       with the precompiled binary. The reason that the file-systems that the user has access to are so
       significant, is the fact that when a system is mounted nosuid the user is unable to create or execute
       such a binary file. For this module to provide any level of security, all file-systems that the user has
       write access to should be mounted nosuid.

       The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups
       based on the behavior of this module, they are granted inaddition to those entries /etc/group (or
       equivalent).

Files

/etc/security/group.conf
           Default configuration file

Module Types Provided

       Only the auth module type is provided.

Name

       pam_group - PAM module for group access

Options

       This module does not recognise any options.

Return Values

       PAM_SUCCESS
           group membership was granted.

       PAM_ABORT
           Not all relevant data could be gotten.

       PAM_BUF_ERR
           Memory buffer error.

       PAM_CRED_ERR
           Group membership was not granted.

       PAM_IGNORE
           pam_sm_authenticate was called which does nothing.

       PAM_USER_UNKNOWN
           The user is not known to the system.

See Also

group.conf(5), pam.d(5), pam(7).

Synopsis

pam_group.so

See Also

Man Pages
group Man Pages
Man Pages
module Man Pages
User
User PNG Icons
Filing
Filing PNG Icons
Vip Access
Vip Access PNG Icons
Card Membership
Card Membership SVG Icons
Accessible
Accessible PNG Icons
Binary
Binary PNG Icons
Man Pages
Apache::Session::Serialize::MongoDB Man Pages
← View System admin Category← Back to Security and firewalls🙏  Credits & Acknowledgments