table of contents
PAM_EXEC(8) | Linux-PAM Manual | PAM_EXEC(8) |
NAME¶
pam_exec - PAM module which calls an external command
SYNOPSIS¶
pam_exec.so [debug] [expose_authtok] [seteuid] [quiet] [quiet_log] [stdout] [log=file] [type=type] command [...]
DESCRIPTION¶
pam_exec is a PAM module that can be used to run an external command.
The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: account, auth, password, open_session and close_session.
Commands called by pam_exec need to be aware of that the user can have control over the environment.
OPTIONS¶
debug
expose_authtok
log=file
type=type
stdout
quiet
quiet_log
seteuid
MODULE TYPES PROVIDED¶
All module types (auth, account, password and session) are provided.
RETURN VALUES¶
PAM_SUCCESS
PAM_BUF_ERR
PAM_CONV_ERR
PAM_INCOMPLETE
PAM_SERVICE_ERR
PAM_SYSTEM_ERR
PAM_IGNORE
EXAMPLES¶
Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change:
password optional pam_exec.so seteuid /usr/bin/make -C /var/yp
This will execute the command
make -C /var/yp
with effective user ID.
SEE ALSO¶
pam.conf(5), pam.d(5), pam(7)
AUTHOR¶
pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and Josh Triplett <josh@joshtriplett.org>.
05/07/2023 | Linux-PAM |