Man page - pam_rootok(8)
Packages contas this manual
- pam_warn(8)
- pam_nologin(8)
- unix_chkpwd(8)
- sepermit.conf(5)
- pam_loginuid(8)
- pam_mail(8)
- limits.conf(5)
- faillock(8)
- pwhistory_helper(8)
- pam_mkhomedir(8)
- pam.d(5)
- pam_limits(8)
- pam_rhosts(8)
- pam_localuser(8)
- pam_stress(8)
- pam_group(8)
- pam_sepermit(8)
- namespace.conf(5)
- access.conf(5)
- environment(5)
- pam_setquota(8)
- pam_listfile(8)
- pam-auth-update(8)
- pam_selinux(8)
- pam_unix(8)
- pam_issue(8)
- pam_pwhistory(8)
- pam_filter(8)
- pam_echo(8)
- pam_faillock(8)
- pam_motd(8)
- pam_getenv(8)
- pam_faildelay(8)
- mkhomedir_helper(8)
- pam_permit(8)
- pam_env.conf(5)
- pam_exec(8)
- pam_access(8)
- pam_xauth(8)
- pam_time(8)
- pam_wheel(8)
- pam(7)
- pam_env(8)
- pam_umask(8)
- pam_usertype(8)
- pam_namespace_helper(8)
- pam_timestamp(8)
- pam_rootok(8)
- group.conf(5)
- pam_securetty(8)
- faillock.conf(5)
- pam_userdb(8)
- pam_keyinit(8)
- pwhistory.conf(5)
- pam.conf(5)
- pam_canonicalize_user(8)
- time.conf(5)
- pam_tty_audit(8)
- pam_debug(8)
- pam_shells(8)
- pam_ftp(8)
- pam_deny(8)
- pam_namespace(8)
- pam_timestamp_check(8)
- unix_update(8)
- pam_succeed_if(8)
apt-get install libpam-runtime
Manual
| PAM_ROOTOK(8) | Linux-PAM Manual | PAM_ROOTOK(8) |
NAME
pam_rootok - Gain only root access
SYNOPSIS
pam_rootok.so [debug]
DESCRIPTION
pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked.
OPTIONS
debug
MODULE TYPES PROVIDED
The auth, account and password module types are provided.
RETURN VALUES
PAM_SUCCESS
PAM_AUTH_ERR
EXAMPLES
In the case of the su(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su configuration file:
# su authentication. Root is granted access by default. auth sufficient pam_rootok.so auth required pam_unix.so
SEE ALSO
su(1), pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.
| 06/29/2025 | Linux-PAM |