<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6.28.pam_securetty - limit root login to special devices</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter6.A reference guide for available modules"><link rel="prev" href="sag-pam_rootok.html" title="6.27.pam_rootok - gain only root access"><link rel="next" href="sag-pam_selinux.html" title="6.29.pam_selinux - set the default security context"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.28.pam_securetty - limit root login to special devices</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_rootok.html">Prev</a></td><th width="60%" align="center">Chapter6.A reference guide for available modules</th><td width="20%" align="right"><a accesskey="n" href="sag-pam_selinux.html">Next</a></td></tr></table><hr></div><div class="section" title="6.28.pam_securetty - limit root login to special devices"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_securetty"></a>6.28.pam_securetty - limit root login to special devices</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_securetty.so</code> [
debug
]</p></div><div class="section" title="6.28.1.DESCRIPTION"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-description"></a>6.28.1.DESCRIPTION</h3></div></div></div><p>
pam_securetty is a PAM module that allows root logins only if the
user is logging in on a "secure" tty, as defined by the listing
in <code class="filename">/etc/securetty</code>. pam_securetty also checks
to make sure that <code class="filename">/etc/securetty</code> is a plain
file and not world writable.
</p><p>
This module has no effect on non-root users and requires that the
application fills in the <span class="emphasis"><em>PAM_TTY</em></span>
item correctly.
</p><p>
For canonical usage, should be listed as a
<span class="emphasis"><em>required</em></span> authentication method
before any <span class="emphasis"><em>sufficient</em></span>
authentication methods.
</p></div><div class="section" title="6.28.2.OPTIONS"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-options"></a>6.28.2.OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
Print debug information.
</p></dd></dl></div></div><div class="section" title="6.28.3.MODULE TYPES PROVIDED"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-types"></a>6.28.3.MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">auth</code> module type is provided.
</p></div><div class="section" title="6.28.4.RETURN VALUES"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-return_values"></a>6.28.4.RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
The user is allowed to continue authentication.
Either the user is not root, or the root user is
trying to log in on an acceptable device.
</p></dd><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
Authentication is rejected. Either root is attempting to
log in via an unacceptable device, or the
<code class="filename">/etc/securetty</code> file is world writable or
not a normal file.
</p></dd><dt><span class="term">PAM_INCOMPLETE</span></dt><dd><p>
An application error occurred. pam_securetty was not able
to get information it required from the application that
called it.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
An error occurred while the module was determining the
user's name or tty, or the module could not open
<code class="filename">/etc/securetty</code>.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
The module could not find the user name in the
<code class="filename">/etc/passwd</code> file to verify whether
the user had a UID of 0. Therefore, the results of running
this module are ignored.
</p></dd></dl></div></div><div class="section" title="6.28.5.EXAMPLES"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-examples"></a>6.28.5.EXAMPLES</h3></div></div></div><p>
</p><pre class="programlisting">
auth required pam_securetty.so
auth required pam_unix.so
</pre><p>
</p></div><div class="section" title="6.28.6.AUTHOR"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_securetty-author"></a>6.28.6.AUTHOR</h3></div></div></div><p>
pam_securetty was written by Elliot Lee <sopwith@cuc.edu>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_rootok.html">Prev</a></td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"><a accesskey="n" href="sag-pam_selinux.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.27.pam_rootok - gain only root access</td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top">6.29.pam_selinux - set the default security context</td></tr></table></div></body></html>
