author Jerry Jelinek <jerry.jelinek@joyent.com> 2020-04-27 11:38:29 +0000
committer Jerry Jelinek <jerry.jelinek@joyent.com> 2020-04-27 11:38:29 +0000
commit 55d7f5eed96fb1f4e71e34deeadafb048af142c0 (patch)
tree a7f299895b889dcab2469a698fe7c821584879d7 /usr/src/man/man5
parent ece626c69f45c82c160766c8820476062816f3b0 (diff)
parent 132f92b0e6c7ef46ac10daee56575ea421313e21 (diff)
download illumos-joyent-55d7f5eed96fb1f4e71e34deeadafb048af142c0.tar.gz
[illumos-gate merge]
commit 132f92b0e6c7ef46ac10daee56575ea421313e21
    12596 A typo in usr/src/man/man1/ls.1
commit c3267a7bdebfa73aeda8a9cc71aa02f5420ba00c
    12594 bge device IDs do not have a leading 0x
commit 7112648bd7986a88f0ffa61263d5cbf7229d8b03
    12472 pam_list does not have 'group' option
commit fba27d8741c08c38aa9cf5fd383633304ddad810
    12592 stmf_sbd: panic in _init on sparc
commit 9d9483ac38cb12576b0b6e2a6d950e6d65a622a0
    12547 pci_pci: NULL pointer errors
commit 692bcae7eb9419bcc3f9d011a67c6a5c6497a72f
    12542 dtrace: NULL pointer errors
commit 12551037071c8ef2216bb540edd94a5bff5e90ae
    12532 unix: NULL pointer errors
commit 13c31a0ee516ab913296f7367d3c09a79ff3ba21
    12533 cfgadm_plugins: NULL pointer errors
commit 67dca347c78f6433be936f7be1c9bbf7069a19ec
    12534 fm: NULL pointer errors
Diffstat (limited to 'usr/src/man/man5')
-rw-r--r-- usr/src/man/man5/pam_list.5 | 63
1 files changed, 47 insertions, 16 deletions
diff --git a/usr/src/man/man5/pam_list.5 b/usr/src/man/man5/pam_list.5
index 47c3b6d934..78228ce076 100644
--- a/usr/src/man/man5/pam_list.5
+++ b/usr/src/man/man5/pam_list.5
@@ -3,24 +3,23 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PAM_LIST 5 "April 9, 2016"
+.TH PAM_LIST 5 "April 22, 2020"
.SH NAME
pam_list \- PAM account management module for UNIX
.SH SYNOPSIS
-.LP
.nf
pam_list.so.1
.fi
.SH DESCRIPTION
-.LP
The \fBpam_list\fR module implements \fBpam_sm_acct_mgmt\fR(3PAM), which
provides functionality to the PAM account management stack. The module
provides functions to validate that the user's account is valid on this
-host based on a list of users and/or netgroups in the given file. The users and
-netgroups are separated by newline character. Netgroups are specified with
-character '@' as prefix before name of netgroup in the list. The maximum line
-length is 1023 characters.
+host based on a list of users, groups, and/or netgroups in the given file. The users,
+groups, and netgroups are separated by newline character. Groups are specified
+with character '%' and netgroups are specified with character '@' as prefix
+before name of the group/netgroup in the list. The maximum line length is 1023
+characters.
.sp
.LP
The username is the value of \fBPAM_USER\fR. The host is the value of
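Review bot: The rewritten DESCRIPTION paragraph introduces the '%' prefix for groups but does not say whether '%' entries are honoured in every mode or only when the group option added later in this patch is passed. Example 3 passes group on the pam_list.so.1 line, which suggests the latter; if so, say it here, because an administrator who puts a '%' entry in a deny= file without that option needs to know what the line will do. Two smaller points in the same paragraph: the first added line ("host based on a list of users, groups, and/or netgroups in the given file. The users,") runs past 80 columns while the rest is wrapped shorter, and "separated by newline character" wants an article.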
@@ -48,8 +47,8 @@ The following options can be passed to the module:
\fB\fBallow=\fR\fR
.ad
.RS 19n
-The full pathname to a file of allowed users and/or netgroups. Only one of
-\fBallow=\fR or \fBdeny=\fR can be specified.
+The full pathname to a file of allowed users, groups, and/or netgroups.
+Only one of \fBallow=\fR or \fBdeny=\fR can be specified.
.RE
.sp
@@ -67,8 +66,8 @@ Activate \fBcompat\fR mode.
\fB\fBdeny=\fR\fR
.ad
.RS 19n
-The full pathname to a file of denied users and/or netgroups. Only one of
-\fBdeny=\fR or \fBallow=\fR can be specified.
+The full pathname to a file of denied users, groups, and/or netgroups.
+Only one of \fBdeny=\fR or \fBallow=\fR can be specified.
.RE
.sp
@@ -84,6 +83,15 @@ Provide \fBsyslog\fR(3C) debugging information at the \fBLOG_AUTH\fR |
.sp
.ne 2
.na
+\fB\fBgroup\fR\fR
+.ad
+.RS 19n
+The module should perform group membership matches for the username.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fBuser\fR\fR
.ad
.RS 19n
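Review bot: The text of the new group entry, "The module should perform group membership matches for the username.", does not say which memberships are consulted (the user's primary group, supplementary groups, or both), and "should perform" reads as an intention rather than a description of behaviour. Suggest "The module performs group membership matches ...", stating which memberships count and how this option relates to the '%'-prefixed entries described in DESCRIPTION, since that decides who an allow= or deny= file actually covers.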
@@ -128,7 +136,6 @@ The user and hostname must be in the same netgroup.
.RE
.SH ERRORS
-.LP
The following error values are returned:
.sp
.ne 2
@@ -186,7 +193,6 @@ No account is present for the user
.RE
.SH EXAMPLES
-.LP
\fBExample 1 \fRUsing \fBpam_list\fR in default mode
.sp
.LP
@@ -227,7 +233,7 @@ In the case of \fBdefault\fR mode or \fBcompat\fR mode, the important lines in
.nf
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
-other account required pam_list.so.1 allow=etc/user.allow
+other account required pam_list.so.1 allow=/etc/users.allow
.fi
.in -2
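Review bot: Check that the rest of this example names the same file as the corrected last line of the .nf block. The fix changes the file name as well as adding the leading slash (etc/user.allow becomes /etc/users.allow), and no other line of the example is touched in this hunk or the next, so any prose that still says user.allow would leave the pam.conf line and the file it refers to out of step.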
@@ -244,8 +250,34 @@ remoteloginname
.fi
.in -2
-.SH ATTRIBUTES
.LP
+\fBExample 3 \fRUsing \fBpam_list\fR with allow file to allow
+members of the 'admins' group access.
+.sp
+.LP
+\fB/etc/pam.conf\fR modification looks like:
+
+.sp
+.in +2
+.nf
+other account requisite pam_roles.so.1
+other account required pam_unix_account.so.1
+other account required pam_list.so.1 group allow=/etc/users.allow
+.fi
+.in -2
+
+.sp
+.LP
+\fB/etc/users.allow\fR contains:
+.sp
+.in +2
+.nf
+root
+%admins
+.fi
+.in -2
+
+.SH ATTRIBUTES
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
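Review bot: Example 3 passes only group on the pam_list.so.1 line, yet the sample /etc/users.allow lists the plain user "root" next to "%admins", and nothing on the page says whether user entries are still matched when group is given. State that in the example or in the option text, or drop "root" from the sample file if it would not be matched. A closing sentence saying who is admitted and who is refused with this configuration would make the example checkable by the reader.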
@@ -266,7 +298,6 @@ MT-Level MT-Safe with exceptions
The interfaces in \fBlibpam\fR(3LIB) are MT-Safe only if each thread within the
multithreaded application uses its own PAM handle.
.SH SEE ALSO
-.LP
\fBpam\fR(3PAM), \fBpam_authenticate\fR(3PAM), \fBpam_sm_acct_mgmt\fR(3PAM),
\fBsyslog\fR(3C), \fBlibpam\fR(3LIB), \fBnsswitch.conf\fR(4),
\fBpam.conf\fR(4), \fBattributes\fR(5)