PAM_SECURETTY(8) | Linux-PAM Manual | PAM_SECURETTY(8) |
NAME
pam_securetty - Limit root login to special devices
SYNOPSIS
pam_securetty.so [debug]
DESCRIPTION
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in the securetty file. pam_securetty checks at first, if /etc/securetty exists. If not and it was built with vendordir support, it will use /securetty. pam_securetty also checks that the securetty files are plain files and not world writable. It will also allow root logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/console/active.
This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.
For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.
OPTIONS
debug
noconsole
MODULE TYPES PROVIDED
Only the auth module type is provided.
RETURN VALUES
PAM_SUCCESS
PAM_AUTH_ERR
PAM_BUF_ERR
PAM_CONV_ERR
PAM_INCOMPLETE
PAM_SERVICE_ERR
PAM_USER_UNKNOWN
EXAMPLES
auth required pam_securetty.so auth required pam_unix.so
SEE ALSO
AUTHOR
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
11/18/2024 | Linux-PAM |