NAME

       pam_usernet - join the user own network namespace at login

SYNOPSIS

       pam_usernet.so

DESCRIPTION

       The pam_usernet PAM module allow each user in usernet group to have their own network namespace.

       If  a  network  namespace  having  the  same name as the username exists, pam runs the user shell in that
       namespace. If such a namespace does does not exist, it is created during the login process.

       The system administrator can create a network namespace for each user in usernet  group.  Each  namespace
       must be named after each username.  Users will get their own network namespace at login.

       When  pam_usernet  is  used  together with a specific cado(1) configuration users can configure their own
       networking services. (see https://github.com/rd235/cado)

OPTIONS

       group=groupname
           the module operates on users in the group groupname instead of usernet.

       lodown
           leave the localhost lo interface in the state DOWN.

       rootshared
           Leave the root filesystem / as shared so mounts can propagate out to the parent  namespace.  Warning:
           this feature can create security vulnerabilities if not properly used.

RETURN VALUES

       PAM_IGNORE
           User does not belong to the usernet group.

       PAM_ABORT
           Error in retrieving the user id or in the namespace creation/joining.

       PAM_SUCCESS
           Success.

EXAMPLES

       Add the following line to /etc/pam.d/sshd or /etc/pam.d/login

               session   required  pam_usernet.so

SEE ALSO

       pam.conf(5), pam.d(5), pam(7)

AUTHOR

       pam_usernet was written by Renzo Davoli and Eduard Caizer, University of Bologna

VirtualSquare Labs                               August 17, 2016                                  PAM_USERNET(8)