Man page - pam_groupnet(8)

PAM_GROUPNET

NAME

pam_groupnet - join/create a specific network namespace at login

SYNOPSIS

pam_groupnet.so

DESCRIPTION

The pam_groupnet PAM module allows each user in a groupnet group to join a specific network namespace.

If the specified network namespace exists, PAM runs the user's shell in that namespace. If the namespace does not exist, it is created during the login process.

The system administrator specifies the network namespace to join by creating groups whose names start with groupnet-. The text after the dash is used as the name of the network namespace to join or create. Users join the network namespace at login.

If a user is a member of multiple groups starting with groupnet-, the first one that matches is used. Groups are tested in the order returned by getgrouplist(3).

OPTIONS

group=groupname

The module operates on users in groups starting with groupname- instead of groupnet-.

lodown

Leave the localhost lo interface in the state DOWN.

rootshared

Leave the root filesystem / as shared so mounts can propagate out to the parent namespace. Warning: this feature can create security vulnerabilities if not properly used.

RETURN VALUES

PAM_IGNORE

User does not belong to any groupnet-* group.

PAM_ABORT

Error in retrieving the user id or in the namespace creation/joining.

PAM_SUCCESS

Success.

EXAMPLES

Add the following line to /etc/pam.d/sshd or /etc/pam.d/login:

session required pam_groupnet.so

SEE ALSO

pam.conf(5), pam.d(5), pam(7)

AUTHOR

pam_groupnet was written by Renzo Davoli and Eduard Caizer, University of Bologna.