Dr Andrew Scott G7VAV
MBCS, MIET, Member ACM, Member IEEE
My photo
Senior Lecturer
School of Computing
    and Communications

D35 InfoLab21
Lancaster University
Lancaster, LA1 4WA
United Kingdom
 
April 2024
Mo Tu We Th Fr Sa Su
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 1 2 3 4 5
6 7 8 9 10 11 12

SEPERMIT.CONF

Section: Linux-PAM Manual (5)
Updated: 06/04/2011
Index Return to Main Contents
 

NAME

sepermit.conf - configuration file for the pam_sepermit module  

DESCRIPTION

The lines of the configuration file have the following syntax:

<user>[:<option>:<option>...]

The user can be specified in the following manner:

• a username

• a groupname, with @group syntax. This should not be confused with netgroups.

• a SELinux user name with %seuser syntax.

The recognized options are:

exclusive

Only single login session will be allowed for the user and the user's processes will be killed on logout.

ignore

The module will never return PAM_SUCCESS status for the user. It will return PAM_IGNORE if SELinux is in the enforcing mode, and PAM_AUTH_ERR otherwise. It is useful if you want to support passwordless guest users and other confined users with passwords simultaneously.

The lines which start with # character are comments and are ignored.  

EXAMPLES

These are some example lines which might be specified in /etc/security/sepermit.conf. 

%guest_u:exclusive
%staff_u:ignore
%user_u:ignore
 

SEE ALSO

pam_sepermit(8), pam.d(5), pam(8), selinux(8),  

AUTHOR

pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com>

 

Index

NAME
DESCRIPTION
EXAMPLES
SEE ALSO
AUTHOR
for client 3.145.36.10
© Andrew Scott 2006 - 2024,
All Rights Reserved
http://www.andrew-scott.uk/
Andrew Scott
http://www.andrew-scott.co.uk/