PAM-modules Manual (split by chapter):   Section:   Chapter:FastBack: umotd   Up: Top   FastForward: innetgr   Contents: Table of ContentsIndex: Concept Index

9 pam_groupmember

The pam_groupmember module checks whether the user is member of one or more groups. Both primary and supplementary groups are checked. The list of groups to be checked is given with the groups option. Its argument is a comma-separated list of group names of numeric IDs, prefixed with ‘+’ sign.

The module returns PAM_SUCCESS if the user is member of one of the supplied groups and PAM_AUTH_ERR on otherwise. The return value can be inverted using the sense=deny option.

Additionally, the module can return PAM_USER_UNKNOWN if the user is not known and PAM_AUTHINFO_UNAVAIL if unable to retrieve the user name.

The pam_groupmember module can be used in any PAM service stack.

9.1 Summary of pam_groupmember options

groups=group-list

Defines groups to check against. The argument is a comma-separated list of group names or IDs. Group IDs must be prefixed with a plus sign.

sense={allow|deny}

What to do on success. The value ‘allow’ means to return PAM_SUCCESS, ‘deny’ means to return PAM_AUTH_ERR. Default is ‘allow’.

PAM-modules Manual (split by chapter):   Section:   Chapter:FastBack: groupmember   Up: groupmember   FastForward: innetgr   Contents: Table of ContentsIndex: Concept Index

This document was generated on August 11, 2021 using makeinfo.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.