table of contents
PAM_SECURETTY(8) | Linux-PAM Manual | PAM_SECURETTY(8) |
NAME¶
pam_securetty - Limit root login to special devices
SYNOPSIS¶
pam_securetty.so [debug]
DESCRIPTION¶
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in the securetty file. pam_securetty checks at first, if /etc/securetty exists. If not and it was built with vendordir support, it will use <vendordir>/securetty. pam_securetty also checks that the securetty files are plain files and not world writable. It will also allow root logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/console/active.
This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.
For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.
OPTIONS¶
debug
noconsole
MODULE TYPES PROVIDED¶
Only the auth module type is provided.
RETURN VALUES¶
PAM_SUCCESS
PAM_AUTH_ERR
PAM_BUF_ERR
PAM_CONV_ERR
PAM_INCOMPLETE
PAM_SERVICE_ERR
PAM_USER_UNKNOWN
EXAMPLES¶
auth required pam_securetty.so auth required pam_unix.so
SEE ALSO¶
AUTHOR¶
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
11/25/2020 | Linux-PAM Manual |