1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
<?xml version="1.0" encoding="utf-8"?>
<refentry id='pam_snapper8'>
<refentryinfo>
<date>2013-05-23</date>
</refentryinfo>
<refmeta>
<refentrytitle>pam_snapper</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class='date'>2013-05-23</refmiscinfo>
<refmiscinfo class='version'>@VERSION@</refmiscinfo>
<refmiscinfo class='manual'>Filesystem Snapshot Management</refmiscinfo>
</refmeta>
<refnamediv>
<refname>pam_snapper</refname>
<refpurpose>PAM module which creates filesystem snapshots via "snapper"</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>pam_snapper.so</command>
<arg choice='opt'>debug</arg>
<arg choice='opt'>homeprefix=<replaceable>prefix</replaceable></arg>
<arg choice='opt'>ignoreservices=<replaceable>services</replaceable></arg>
<arg choice='opt'>ignoreusers=<replaceable>users</replaceable></arg>
<arg choice='opt'>rootasroot</arg>
<arg choice='opt'>ignoreroot</arg>
<arg choice='opt'>openonly</arg>
<arg choice='opt'>closeonly</arg>
<arg choice='opt'>cleanup=<replaceable>algorithm</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>Create a snapshot at every login of a user, thus he or she always has a save
starting point.</para>
<para>As many users do not logout for some time, it is a good idea to
enable snapper's time based snapshots in addition.</para>
</refsect1>
<refsect1 id='options'>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term><option>debug</option></term>
<listitem>
<para>Switch on debugging in the module.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>homeprefix=<replaceable>prefix</replaceable></option></term>
<listitem>
<para>Prefix for the name of the snapper configuration. The username
will be appended to this prefix.</para>
<para>Default: "home_"</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>ignoreservices=<replaceable>comma separated list of services</replaceable></option></term>
<listitem>
<para>Default: "crond"</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>ignoreusers=<replaceable>comma separated list of users</replaceable></option></term>
<listitem>
<para>Default: (none)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>rootasroot</option></term>
<listitem>
<para>Perform a snapshot using the snapper configuration "root" if
the user "root" logs in. In other words: the homeprefix is not used
in this case. As the snapper configuration "root" is used for the
system (the root filesystem), this means that with every login of
the user "root" the complete "/" filesystem will be
snapshotted. This can be useful to help administrators rolling back
in case their activity / configuration changes have been
accidentally wrong.</para>
<para>"rootasroot" and "ignoreroot" are mutually exclusive.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>ignoreroot</option></term>
<listitem>
<para>No snapshot is taken, if the user "root" opens/closes a
session.</para>
<para>"rootasroot" and "ignoreroot" are mutually exclusive.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>openonly</option></term>
<listitem>
<para>Only create a single snapshot when opening the PAM
session.</para>
<para>Default: create pre- and post-snapshots</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>closeonly</option></term>
<listitem>
<para>Only create a single snapshot when closing the PAM
session.</para>
<para>Default: create pre- and post-snapshots</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>cleanup=<replaceable>cleanup-algorithm</replaceable></option></term>
<listitem>
<para>Set snapper cleanup algorithm.</para>
<para>Default: (none)</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='module_types_provided'>
<title>MODULE TYPES PROVIDED</title>
<para>Only the module type "session" is provided.</para>
</refsect1>
<refsect1 id='return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>pam_snapper will always return PAM_SUCCESS, to not prevent
users from login, in case a snapshot fails. This may change in the
future.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='examples'>
<title>EXAMPLES</title>
<refsect2 id='basic_usage'>
<title>Basic usage</title>
<orderedlist>
<listitem>
<para>Create a btrfs subvolume for the new user and a snapper
configuration, e.g. using the tool
<filename>/usr/lib/pam_snapper/pam_snapper_useradd.sh</filename>.</para>
</listitem>
<listitem>
<para>Add the following line to
<filename>/etc/pam.d/common-session</filename>:
<programlisting>
session optional pam_snapper.so
</programlisting>
</para>
</listitem>
</orderedlist>
</refsect2>
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry><refentrytitle>snapper</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry role="nolink"><refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry role="nolink"><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
pam_snapper_homeconvert,
pam_snapper_pamconfig,
pam_snapper_useradd,
pam_snapper_userdel
</para>
</refsect1>
<refsect1 id='homepage'>
<title>HOMEPAGE</title>
<para><ulink url='http://snapper.io/'>http://snapper.io/</ulink></para>
</refsect1>
<refsect1 id='authors'>
<title>AUTHORS</title>
<para>pam-snapper was written by Matthias G. Eckermann <email>mge@suse.com</email>
as part of SUSE Hackweek#9 in April 2013.</para>
<para>This module would not have been possible without the work of Arvin
Schnell on the snapper project. pam-snapper inherits DBUS handling from
"snapper_dbus_cli.c" by David Disseldorp.</para>
<para>The module builds on the Linux PAM stack and its documentation,
written by Thorsten Kukuk.</para>
</refsect1>
<refsect1 id='license'>
<title>LICENSE</title>
<para>Copyright (c) 2013 SUSE</para>
<para>All Rights Reserved.</para>
<para>This program is free software; you can redistribute it and/or modify
it under the terms of version 2 of the GNU General Public License as published
by the Free Software Foundation.</para>
<para>This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.</para>
<para>You should have received a copy of the GNU General Public License
along with this program; if not, contact SUSE.</para>
<para>To contact SUSE about this file by physical or electronic mail, you
may find current contact information at www.suse.com.</para>
</refsect1>
</refentry>
|
