6.17. pam_localuser - require users to be listed in /etc/passwd

pam_localuser.so [ debug ] [ file= /path/passwd ]

6.17.1. DESCRIPTION

pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users.

This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out.

6.17.2. OPTIONS

  • debug

    • Print debug information.
  • file=/path/passwd

    • Use a file other than /etc/passwd .

6.17.3. MODULE TYPES PROVIDED

All module types ( account , auth , password and session ) are provided.

6.17.4. RETURN VALUES

  • PAM_SUCCESS

    • The new localuser was set successfully.
  • PAM_SERVICE_ERR

    • No username was given.
  • PAM_USER_UNKNOWN

    • User not known.

6.17.5. EXAMPLES

Add the following line to /etc/pam.d/su to allow only local users in group wheel to use su.

account sufficient pam_localuser.so
account required pam_wheel.so

6.17.6. AUTHOR

pam_localuser was written by Nalin Dahyabhai nalin@redhat.com.

Updated at: 5 months ago
6.16. pam_listfile - deny or allow services based on an arbitrary fileTable of content6.18. pam_loginuid - record user's login uid to the process attribute