authormichael pereira2011-03-10 15:47:10 +0100
committermichael pereira2011-03-10 15:47:10 +0100
commit501f65203cb5e98f6f6c8afcd8e64e3d3a82e672 (patch)
treeef7f37935ae06e335f77e8e492b9446964b0c141 /resources/config/1/uniontmp/etc/security/group.conf
parentdefault kcl und config hinzugefuegt (diff)
Resource Controller
Diffstat (limited to 'resources/config/1/uniontmp/etc/security/group.conf')
-rwxr-xr-xresources/config/1/uniontmp/etc/security/group.conf105
1 files changed, 105 insertions, 0 deletions
diff --git a/resources/config/1/uniontmp/etc/security/group.conf b/resources/config/1/uniontmp/etc/security/group.conf
new file mode 100755
index 0000000..e966b95
--- /dev/null
+++ b/resources/config/1/uniontmp/etc/security/group.conf
@@ -0,0 +1,105 @@
+#
+# This is the configuration file for the pam_group module.
+#
+
+#
+# *** Please note that giving group membership on a session basis is
+# *** NOT inherently secure. If a user can create an executable that
+# *** is setgid a group that they are infrequently given membership
+# *** of, they can basically obtain group membership any time they
+# *** like. Example: games are allowed between the hours of 6pm and 6am
+# *** user joe logs in at 7pm writes a small C-program toplay.c that
+# *** invokes their favorite shell, compiles it and does
+# *** "chgrp games toplay; chmod g+s toplay". They are basically able
+# *** to play games any time... You have been warned. AGM
+#
+
+#
+# The syntax of the lines is as follows:
+#
+# services;ttys;users;times;groups
+#
+# white space is ignored and lines maybe extended with '\\n' (escaped
+# newlines). From reading these comments, it is clear that
+# text following a '#' is ignored to the end of the line.
+#
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+# is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+# is a logic list of terminal names that this rule applies to.
+#
+# users
+# is a logic list of users or a netgroup of users to whom this
+# rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+# With netgroups no wildcards or logic operators are allowed.
+#
+# times
+# It is used to indicate "when" these groups are to be given to the
+# user. The format here is a logic list of day/time-range
+# entries the days are specified by a sequence of two character
+# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+# that repeated days are unset MoMo = no day, and MoWk = all weekdays
+# bar Monday. The two character combinations accepted are
+#
+# Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+# the last two being week-end days and all 7 days of the week
+# respectively. As a final example, AlFr means all days except Friday.
+#
+# Each day/time-range can be prefixed with a '!' to indicate "anything
+# but"
+#
+# The time-range part is two 24-hour times HHMM separated by a hyphen
+# indicating the start and finish time (if the finish time is smaller
+# than the start time it is deemed to apply on the following day).
+#
+# groups
+# The (comma or space separated) list of groups that the user
+# inherits membership of. These groups are added if the previous
+# fields are satisfied by the user's request
+#
+# For a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Note, to get this to work as it is currently typed you need
+#
+# 1. to run an application as root
+# 2. add the following groups to the /etc/group file:
+# floppy, games, sound
+#
+
+#
+# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'us' is given access to the floppy (through membership of
+# the floppy group)
+#
+
+#xsh;tty*&!ttyp*;us;Al0000-2400;floppy
+
+#
+# another example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'sword' is given access to games (through membership of
+# the sound and play group) after work hours. (The games group owns
+# high-score files and so on, so don't ever give users access to it.)
+#
+
+#xsh; tty* ;sword;!Wk0900-1800;sound, play
+#xsh; tty* ;*;Al0900-1800;floppy
+
+login;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip
+kdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
+gdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
+xdm;*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio,dip,video
+
+#
+# End of group.conf file
+#
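Review bot: The four active rules at the end of the file (`login`, `kdm`, `gdm`, `xdm`) match every user on every terminal at all hours, so `cdrom`, `floppy`, `plugdev`, `audio`, `dip` and `video` become effectively permanent device groups for any account that can reach those services; the file's own header warns that a group handed out per session can be kept beyond it. For `login`, which presumably also serves non-console lines, consider the narrower terminal pattern from the commented example and drop `dip` unless dial-up is actually needed, e.g. `login;tty*&!ttyp*;*;Al0000-2400;users,cdrom,floppy,plugdev,audio`. A short comment above the rules stating which hosts this config is meant for and why each group is granted would make later audits easier. The file is also added with mode 100755; a PAM configuration file does not need the execute bit, so 0644 would be the expected mode.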