NAME

       pam_usernet - join the user own network namespace at login

SYNOPSIS

       pam_usernet.so

DESCRIPTION

       The  pam_usernet  PAM  module  allow  each user in usernet group to have their own network
       namespace.

       If a network namespace having the same name as the username  exists,  pam  runs  the  user
       shell in that namespace. If such a namespace does does not exist, it is created during the
       login process.

       The system administrator can create a network namespace for each user  in  usernet  group.
       Each  namespace  must  be  named  after  each  username.  Users will get their own network
       namespace at login.

       When pam_usernet is  used  together  with  a  specific  cado(1)  configuration  users  can
       configure their own networking services. (see https://github.com/rd235/cado)

OPTIONS

       group=groupname
           the module operates on users in the group groupname instead of newnet.

       lodown
           leave the localhost lo interface in the state DOWN.

       rootshared
           Leave  the  root  filesystem  /  as  shared  so mounts can propagate out to the parent
           namespace. Warning: this feature can create security vulnerabilities if  not  properly
           used.

RETURN VALUES

       PAM_IGNORE
           User does not belong to the usernet group.

       PAM_ABORT
           Error in retrieving the user id or in the namespace creation/joining.

       PAM_SUCCESS
           Success.

EXAMPLES

       Add the following line to /etc/pam.d/sshd or /etc/pam.d/login

               session   required  pam_usernet.so

SEE ALSO

       pam.conf(5), pam.d(5), pam(7)

AUTHOR

       pam_usernet was written by Renzo Davoli and Eduard Caizer, University of Bologna