The group service module for PAM accepts or rejects users based on
their membership in a particular file group.
The following options may be passed to the
module:
deny
Reverse the meaning of the test, i.e., reject the applicant if and only
if he or she is a member of the specified group.
This can be useful to exclude certain groups of users from certain
services.
fail_safe
If the specified group does not exist, or has no members, act as if
it does exist and the applicant is a member.
group = groupname
Specify the name of the group to check.
The default is
``wheel
''
root_only
Skip this module entirely if the target account is not the superuser
account.
The
module and this manual page were developed for the
Fx Project by
ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''
)
as part of the DARPA CHATS research program.
