Man page - pam_securetty(8)
Packages contas this manual
- pam_warn(8)
- pam_nologin(8)
- unix_chkpwd(8)
- sepermit.conf(5)
- pam_loginuid(8)
- pam_mail(8)
- limits.conf(5)
- faillock(8)
- pwhistory_helper(8)
- pam_mkhomedir(8)
- pam.d(5)
- pam_limits(8)
- pam_rhosts(8)
- pam_localuser(8)
- pam_stress(8)
- pam_group(8)
- pam_sepermit(8)
- namespace.conf(5)
- access.conf(5)
- environment(5)
- pam_setquota(8)
- pam_listfile(8)
- pam-auth-update(8)
- pam_selinux(8)
- pam_unix(8)
- pam_issue(8)
- pam_pwhistory(8)
- pam_filter(8)
- pam_echo(8)
- pam_faillock(8)
- pam_motd(8)
- pam_getenv(8)
- pam_faildelay(8)
- mkhomedir_helper(8)
- pam_permit(8)
- pam_env.conf(5)
- pam_exec(8)
- pam_access(8)
- pam_xauth(8)
- pam_time(8)
- pam_wheel(8)
- pam(7)
- pam_env(8)
- pam_umask(8)
- pam_usertype(8)
- pam_namespace_helper(8)
- pam_timestamp(8)
- pam_rootok(8)
- group.conf(5)
- pam_securetty(8)
- faillock.conf(5)
- pam_userdb(8)
- pam_keyinit(8)
- pwhistory.conf(5)
- pam.conf(5)
- pam_canonicalize_user(8)
- time.conf(5)
- pam_tty_audit(8)
- pam_debug(8)
- pam_shells(8)
- pam_ftp(8)
- pam_deny(8)
- pam_namespace(8)
- pam_timestamp_check(8)
- unix_update(8)
- pam_succeed_if(8)
apt-get install libpam-runtime
Manual
| PAM_SECURETTY(8) | Linux-PAM Manual | PAM_SECURETTY(8) |
NAME
pam_securetty - Limit root login to special devices
SYNOPSIS
pam_securetty.so [debug]
DESCRIPTION
pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in the securetty file. pam_securetty checks at first, if /etc/securetty exists. If not and it was built with vendordir support, it will use /securetty. pam_securetty also checks that the securetty files are plain files and not world writable. It will also allow root logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/console/active.
This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly.
For canonical usage, should be listed as a required authentication method before any sufficient authentication methods.
OPTIONS
debug
noconsole
MODULE TYPES PROVIDED
Only the auth module type is provided.
RETURN VALUES
PAM_SUCCESS
PAM_AUTH_ERR
PAM_BUF_ERR
PAM_CONV_ERR
PAM_INCOMPLETE
PAM_SERVICE_ERR
PAM_USER_UNKNOWN
EXAMPLES
auth required pam_securetty.so auth required pam_unix.so
SEE ALSO
securetty(5), pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
| 06/29/2025 | Linux-PAM |