Name

pam_snapper — PAM module which creates filesystem snapshots via "snapper"

Synopsis

pam_snapper.so [debug] [homeprefix=prefix] [ignoreservices=services] [ignoreusers=users] [rootasroot] [ignoreroot] [openonly] [closeonly] [cleanup=algorithm]

DESCRIPTION

Create a snapshot at every login of a user, thus they always have a save starting point.

As many users do not logout for some time, it is a good idea to enable snapper's time based snapshots in addition.

OPTIONS

debug

Switch on debugging in the module.

homeprefix=prefix

Prefix for the name of the snapper configuration. The username will be appended to this prefix.

Default: "home_"

ignoreservices=comma separated list of services

Default: "crond"

ignoreusers=comma separated list of users

Default: (none)

rootasroot

Perform a snapshot using the snapper configuration "root" if the user "root" logs in. In other words: the homeprefix is not used in this case. As the snapper configuration "root" is used for the system (the root filesystem), this means that with every login of the user "root" the complete "/" filesystem will be snapshotted. This can be useful to help administrators rolling back in case their activity / configuration changes have been accidentally wrong.

"rootasroot" and "ignoreroot" are mutually exclusive.

ignoreroot

No snapshot is taken, if the user "root" opens/closes a session.

"rootasroot" and "ignoreroot" are mutually exclusive.

openonly

Only create a single snapshot when opening the PAM session.

Default: create pre- and post-snapshots

closeonly

Only create a single snapshot when closing the PAM session.

Default: create pre- and post-snapshots

cleanup=cleanup-algorithm

Set snapper cleanup algorithm.

Default: (none)

MODULE TYPES PROVIDED

Only the module type "session" is provided.

RETURN VALUES

PAM_SUCCESS

pam_snapper will always return PAM_SUCCESS, to not prevent users from login, in case a snapshot fails. This may change in the future.

EXAMPLES

Basic usage

  1. Create a btrfs subvolume for the new user and a snapper configuration, e.g. using the tool /usr/lib/pam_snapper/pam_snapper_useradd.sh.

  2. Add the following line to /etc/pam.d/common-session:

    session    optional    pam_snapper.so
    	  

SEE ALSO

snapper(8), pam.conf(5), pam(8), pam_snapper_homeconvert, pam_snapper_pamconfig, pam_snapper_useradd, pam_snapper_userdel

HOMEPAGE

http://snapper.io/

AUTHORS

pam-snapper was written by Matthias G. Eckermann as part of SUSE Hackweek#9 in April 2013.

This module would not have been possible without the work of Arvin Schnell on the snapper project. pam-snapper inherits DBUS handling from "snapper_dbus_cli.c" by David Disseldorp.

The module builds on the Linux PAM stack and its documentation, written by Thorsten Kukuk.

LICENSE

Copyright (c) 2013 SUSE

All Rights Reserved.

This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, contact SUSE.

To contact SUSE about this file by physical or electronic mail, you may find current contact information at www.suse.com.