PAM LVE module

PAM LVE Module

[version 0.3]

pam_lve.so is a PAM module that sets up LVE environment. It provides easy way to setup LVE for SSH sessions, as well as other PAM enabled applications.

Installation:

# yum install pam_lve

After you install RPM, add following line to PAM config file for the required application:

session    required     pam_lve.so 500 1 wheel

In this line 500 stands for minimum UID for which LVE will be setup. For any user with UID < 500, LVE will not be setup.

1 stands for CageFS enabled (0 -- cagefs disabled)

3rd optional argument defines group of users that will not be placed into LVE.

Do man pam_lve for more information.

For example, to enable LVE for SSH access, add that line to /etc/pam.d/sshd. To enable LVE for SU, add that line to /etc/pam.d/su

This module should be used instead of lve_bash (and other lve shells), as it provides clean, easy to use, transparent alternative.

By default module will not place users with group wheel into lve. If you want to use different group to define users that will not be placed into LVE by pam_lve - pass it as 3rd argument.

Warning: Be careful when you test it, as if you incorrectly add this line to /etc/pam.d/sshd, it will lock you out ssh. Don't log out of your current SSH session, until you sure it works.

Documentation

PAM LVE Module