Provided by: libpam-net_0.3-2_amd64
NAME
pam_usernet - join the user own network namespace at login
SYNOPSIS
pam_usernet.so
DESCRIPTION
The pam_usernet PAM module allow each user in usernet group to have their own network namespace. If a network namespace having the same name as the username exists, pam runs the user shell in that namespace. If such a namespace does does not exist, it is created during the login process. The system administrator can create a network namespace for each user in usernet group. Each namespace must be named after each username. Users will get their own network namespace at login. When pam_usernet is used together with a specific cado(1) configuration users can configure their own networking services. (see https://github.com/rd235/cado)
OPTIONS
group=groupname the module operates on users in the group groupname instead of newnet. lodown leave the localhost lo interface in the state DOWN. rootshared Leave the root filesystem / as shared so mounts can propagate out to the parent namespace. Warning: this feature can create security vulnerabilities if not properly used.
RETURN VALUES
PAM_IGNORE User does not belong to the usernet group. PAM_ABORT Error in retrieving the user id or in the namespace creation/joining. PAM_SUCCESS Success.
EXAMPLES
Add the following line to /etc/pam.d/sshd or /etc/pam.d/login session required pam_usernet.so
SEE ALSO
pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_usernet was written by Renzo Davoli and Eduard Caizer, University of Bologna