Linux command
pam_sepermit command
Common examples
Enable in PAM auth stack
auth required pam_sepermit.so
Enable with exclusive login enforcement
auth required pam_sepermit.so exclusive
Use custom configuration file
auth required pam_sepermit.so conf=/etc/security/custom_sepermit.conf
Add user permit rule to config
echo "%wheel" >> /etc/security/sepermit.conf
Description
pam_sepermit is a PAM module that allows or denies login depending on the SELinux user state. It checks whether SELinux is enforcing and whether the user's SELinux context matches entries in the configuration file. When SELinux is in permissive mode or disabled, the module allows access by default. The module is typically placed in the auth stack and is used to restrict which users can log in on SELinux-enabled systems based on their mapped SELinux identity.
Parameters
- exclusive: Only allow one login session at a time for the SELinux user. If another session is active, login is denied.
- conf=FILE: Use an alternate configuration file instead of the default /etc/security/sepermit.conf.
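An added audit sketch (not part of the original page and not the module's own code): it reports which configuration file each `pam_sepermit.so` line in a PAM service file will read, and classifies the entries in that file. The `name`, `@group`, `%seuser` prefixes and `:option` suffixes are the entry syntax documented in sepermit.conf(5); the function names, the sample inputs and the `_u` lint heuristic are assumptions made for this example.

```python
import re

DEFAULT_CONF = "/etc/security/sepermit.conf"  # default path named on this page
# type, control (simple word or [bracketed] form), module, remaining arguments
PAM_LINE = re.compile(r"^\s*(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$")

def sepermit_conf_paths(pam_text):
    """Return (type, config file) for each pam_sepermit.so line in a PAM service file."""
    found = []
    for raw in pam_text.splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0])  # drop comments before matching
        if not m or not m.group(3).endswith("pam_sepermit.so"):
            continue
        args = m.group(4).split()
        conf = next((a[5:] for a in args if a.startswith("conf=")), DEFAULT_CONF)
        found.append((m.group(1), conf))
    return found

def parse_entries(conf_text):
    """Classify entries: plain user, @group or %seuser, with optional :option fields."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        subject, *options = line.split(":")
        kind = {"@": "group", "%": "seuser"}.get(subject[0], "user")
        name = subject if kind == "user" else subject[1:]
        entries.append({"kind": kind, "name": name, "options": options})
    return entries

def lint(entries):
    """Heuristic (assumption): SELinux user names usually end in _u, so a %name
    entry without that suffix may have been meant as a group (@name)."""
    return [f"%{e['name']}: parsed as SELinux user; use @{e['name']} for a group"
            for e in entries if e["kind"] == "seuser" and not e["name"].endswith("_u")]

# Constructed sample inputs, not taken from a real system.
SAMPLE_PAM = """\
#%PAM-1.0
auth  required  pam_sepermit.so
auth  [success=1 default=ignore]  pam_sepermit.so conf=/etc/security/custom_sepermit.conf
"""
SAMPLE_CONF = "# constructed entries\n%wheel\n@staff\n%guest_u:exclusive\n"

if __name__ == "__main__":
    print(sepermit_conf_paths(SAMPLE_PAM))
    for warning in lint(parse_entries(SAMPLE_CONF)):
        print("WARN", warning)
```

Run against the real files, the first function shows whether a stack line points at a configuration file other than the one being edited, which is a common reason a new entry appears to have no effect.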
FAQ
How do I use a basic pam_sepermit example?
`auth required pam_sepermit.so` is a PAM configuration line, not a shell command. Add it to the auth stack of a PAM service file under /etc/pam.d/, then adjust the options or the configuration file path for your system.