Dr Andrew Scott G7VAV
MBCS, MIET, Member ACM, Member IEEE
My photo
Senior Lecturer
School of Computing
    and Communications

D35 InfoLab21
Lancaster University
Lancaster, LA1 4WA
United Kingdom
 
October 2025
Mo Tu We Th Fr Sa Su
29 30 1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31 1 2
3 4 5 6 7 8 9

PAM_ROOTOK

Section: Linux-PAM Manual (8)
Updated: 06/04/2011
Index Return to Main Contents
 

NAME

pam_rootok - Gain only root access  

SYNOPSIS

pam_rootok.so [debug]
 

DESCRIPTION

pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked.  

OPTIONS

debug

Print debug information.
 

MODULE TYPES PROVIDED

The auth, acct and password module types are provided.  

RETURN VALUES

PAM_SUCCESS

The UID is 0.

PAM_AUTH_ERR

The UID is not 0.
 

EXAMPLES

In the case of the su(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su configuration file: 

# su authentication. Root is granted access by default.
auth  sufficient   pam_rootok.so
auth  required     pam_unix.so

 

SEE ALSO

su(1), pam.conf(5), pam.d(5), pam(7)  

AUTHOR

pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>.

 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
MODULE TYPES PROVIDED
RETURN VALUES
EXAMPLES
SEE ALSO
AUTHOR
for client (none)
© Andrew Scott 2006 - 2025,
All Rights Reserved
http://www.andrew-scott.uk/
Andrew Scott
http://www.andrew-scott.co.uk/