NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON

PAM_LOGINUID(8)               Linux-PAM Manual               PAM_LOGINUID(8)

NAME         top

       pam_loginuid - Record user's login uid to the process attribute

SYNOPSIS         top

       pam_loginuid.so [require_auditd]

DESCRIPTION         top

       The pam_loginuid module sets the loginuid process attribute for the
       process that was authenticated. This is necessary for applications to
       be correctly audited. This PAM module should only be used for entry
       point applications like: login, sshd, gdm, vsftpd, crond and atd.
       There are probably other entry point applications besides these. You
       should not use it for applications like sudo or su as that defeats
       the purpose by changing the loginuid to the account they just
       switched to.

OPTIONS         top

       require_auditd
           This option, when given, will cause this module to query the
           audit daemon status and deny logins if it is not running.

MODULE TYPES PROVIDED         top

       Only the session module type is provided.

RETURN VALUES         top

       PAM_SUCCESS
           The loginuid value is set and auditd is running if check
           requested.
       PAM_IGNORE
           The /proc/self/loginuid file is not present on the system or the
           login process runs inside uid namespace and kernel does not
           support overwriting loginuid.
       PAM_SESSION_ERR
           Any other error prevented setting loginuid or auditd is not
           running.

EXAMPLES         top

           #%PAM-1.0
           auth       required     pam_unix.so
           auth       required     pam_nologin.so
           account    required     pam_unix.so
           password   required     pam_unix.so
           session    required     pam_unix.so
           session    required     pam_loginuid.so

SEE ALSO         top

       pam.conf(5), pam.d(5), pam(8), auditctl(8), auditd(8)

AUTHOR         top

       pam_loginuid was written by Steve Grubb <sgrubb@redhat.com>

COLOPHON         top

       This page is part of the linux-pam (Pluggable Authentication Modules
       for Linux) project.  Information about the project can be found at 
       ⟨http://www.linux-pam.org/⟩.  If you have a bug report for this manual
       page, see ⟨//www.linux-pam.org/⟩.  This page was obtained from the
       tarball Linux-PAM-1.3.0.tar.gz fetched from 
       ⟨http://www.linux-pam.org/library/⟩ on 2017-07-05.  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org
Linux-PAM Manual                 04/01/2016                  PAM_LOGINUID(8)

Pages that refer to this page: audit_setloginuid(3)ausearch(8)pam_systemd(8)