Pam module which creates filesystem snapshots via "snapper"
pam_snapper.so [debug] [homeprefix=prefix] [ignoreservices=services] [ignoreusers=users] [rootasroot] [ignoreroot] [openonly] [closeonly] [cleanup=algorithm]
Create a snapshot at every login of a user, thus he or she always has a save starting point.
As many users do not logout for some time, it is a good idea to enable snapper's time based snapshots in addition.
debug
Switch on debugging in the module.
homeprefix=prefix
Prefix for the name of the snapper configuration. The username will be appended to this prefix.
Default: "home_"
ignoreservices=comma separated list of services
Default: "crond"
ignoreusers=comma separated list of users
Default: (none)
rootasroot
Perform a snapshot using the snapper configuration "root" if the user "root" logs in. In other words: the homeprefix is not used in this case. As the snapper configuration "root" is used for the system (the root filesystem), this means that with every login of the user "root" the complete "/" filesystem will be snapshotted. This can be useful to help administrators rolling back in case their activity / configuration changes have been accidentally wrong.
"rootasroot" and "ignoreroot" are mutually exclusive.
ignoreroot
No snapshot is taken, if the user "root" opens/closes a session.
"rootasroot" and "ignoreroot" are mutually exclusive.
openonly
Only create a single snapshot when opening the PAM session.
Default: create pre- and post-snapshots
closeonly
Only create a single snapshot when closing the PAM session.
Default: create pre- and post-snapshots
cleanup=cleanup-algorithm
Set snapper cleanup algorithm.
Default: (none)
Only the module type "session" is provided.
PAM_SUCCESS
pam_snapper will always return PAM_SUCCESS, to not prevent users from login, in case a snapshot fails. This may change in the future.
Create a btrfs subvolume for the new user and a snapper configuration, e.g. using the tool /usr/lib/pam_snapper/pam_snapper_useradd.sh.
Add the following line to /etc/pam.d/common-session:
session optional pam_snapper.so
snapper(8), pam.conf(5), pam(8), pam_snapper_homeconvert, pam_snapper_pamconfig, pam_snapper_useradd, pam_snapper_userdel
\m[blue]http://snapper.io/\m[]
pam-snapper was written by Matthias G. Eckermann <[email protected]> as part of SUSE Hackweek#9 in April 2013.
This module would not have been possible without the work of Arvin Schnell on the snapper project. pam-snapper inherits DBUS handling from "snapper_dbus_cli.c" by David Disseldorp.
The module builds on the Linux PAM stack and its documentation, written by Thorsten Kukuk.
Copyright (c) 2013 SUSE
All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, contact SUSE.
To contact SUSE about this file by physical or electronic mail, you may find current contact information at www.suse.com.