Man page - pam_newnet(8)

PAM_NEWNET

NAME

pam_newnet - create a new network namespace at login

SYNOPSIS

pam_newnet.so

DESCRIPTION

The pam_newnet PAM module creates a new network namespace at login for users in the newnet group.

Users in the newnet group can log in through a network connection (e.g. by ssh), but their processes cannot communicate over the network. The only interface they can see is the localhost (lo) interface of the namespace created at login time.

When pam_newnet is used together with a specific cado(1) configuration, users can configure their own networking services (see https://github.com/rd235/cado).

The nsutils tools, and more specifically netnsjoin(1), allow users to assign placeholders to keep namespaces alive, assign meaningful tags for easier management, and later join any of their own namespaces (see https://github.com/rd235/nsutils).

OPTIONS

group=groupname

The module operates on users in the group groupname instead of newnet.

lodown

Leave the localhost lo interface in the state DOWN.

RETURN VALUES

PAM_IGNORE

User does not belong to the newnet group.

PAM_ABORT

Error in retrieving the user id or in the namespace creation.

PAM_SUCCESS

Success.

EXAMPLES

Add the following lines to /etc/pam.d/sshd or /etc/pam.d/login:

session required pam_newnet.so

session required pam_newnet.so group=lonet lodown
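
To confirm that a login session really ended up isolated as described above, an administrator can compare the session's network namespace with that of PID 1 and list the interfaces the session sees. The script below is an added example, not part of pam_newnet; the helper names and the PROC_ROOT variable are assumptions of this example, and it needs root to read another process's namespace links.

```sh
#!/bin/sh
# Added example: helper names and PROC_ROOT are assumptions, not part of pam_newnet.
# PROC_ROOT can point at a constructed tree so the checks can be tried offline.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the network namespace identifier of a PID, e.g. "net:[4026531992]".
netns_id() {
    readlink "$PROC_ROOT/$1/ns/net" 2>/dev/null
}

# Succeed if PID's network namespace differs from that of PID 1 (the host's).
in_private_netns() {
    host=$(netns_id 1) || return 2
    sess=$(netns_id "$1") || return 2
    [ "$host" != "$sess" ]
}

# List the interfaces PID can see, one per line. net/dev is read through the
# target's /proc entry, so it reflects that process's namespace. Interfaces
# appear here whether UP or DOWN, so the result is the same with lodown.
visible_ifaces() {
    # The first two lines of net/dev are column headers.
    awk 'NR > 2 { sub(/:.*/, ""); gsub(/[ \t]/, ""); print }' \
        "$PROC_ROOT/$1/net/dev"
}

# Succeed if lo is the only interface PID can see.
only_loopback() {
    [ "$(visible_ifaces "$1")" = "lo" ]
}

# Report on one session PID; exit status 0 means the session is isolated.
check_session() {
    rc=0
    in_private_netns "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "pid $1: cannot read namespace links (run as root)"; return 2
    elif [ "$rc" -ne 0 ]; then
        echo "pid $1: shares the network namespace of PID 1"; return 1
    fi
    if ! only_loopback "$1"; then
        echo "pid $1: interfaces other than lo are visible"; return 1
    fi
    echo "pid $1: isolated in $(netns_id "$1"), lo only"
}

# Usage: sh check_newnet.sh PID   (PID of a process in the user's session)
[ "$#" -eq 0 ] || check_session "$1"
```

Pass the PID of a process in the user's session, such as the login shell. An exit status of 1 for a user in the configured group means the session line is not being applied.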

SEE ALSO

pam.conf(5), pam.d(5), pam(7)

AUTHOR

pam_newnet was written by Renzo Davoli and Eduard Caizer, University of Bologna.