Consider group membership.
Syntax:
facility control_flag pam_group.so [deny] [fail_safe]
[group=group_name] [luser | ruser] [root_only]
Options:
- deny
- Reject users who are members of the group.
- fail_safe
- Treat the user as a member even if the group is empty or does not exist.
- group=group_name
- Check this group.
- luser
- Accept target users who belong to the group and reject ones who don't.
- root_only
- Consider only the user with UID equal to zero.
- ruser
- Make decisions based on the group membership of the entity seeking to be authenticated.
Description:
Use the pam_group module to take group membership into consideration as
part of the authentication.
Note: The PAM module syntax does not stand alone and is contained within the context of the PAM
configuration command. See the
Security
Developer's Guide for more information about system authentication,
configuring PAM, facilities, control flags, examples, and how QNX Neutrino uses the OpenPAM framework.
Service category:
This module belongs to the following PAM service categories:
Exit status:
Accepts or rejects the user.
Returns failure if luser and ruser are both
specified. They are mutually exclusive options.