summaryrefslogtreecommitdiff
path: root/modules/pam_group
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2008-01-08 12:44:15 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2008-01-08 12:44:15 +0000
commitd48c90b14254794fcad9ccc37873a8c663cce02d (patch)
tree62e42b3fd242091e7fab171d1b816586c09e743c /modules/pam_group
parent1f802e15b36f0ca69dc4127a9332983acfd70117 (diff)
Relevant BUGIDs:
Purpose of commit: cleanup Commit summary: --------------- Remove autogenerated documentation from CVS
Diffstat (limited to 'modules/pam_group')
-rw-r--r--modules/pam_group/.cvsignore3
-rw-r--r--modules/pam_group/README45
-rw-r--r--modules/pam_group/group.conf.583
-rw-r--r--modules/pam_group/pam_group.894
4 files changed, 3 insertions, 222 deletions
diff --git a/modules/pam_group/.cvsignore b/modules/pam_group/.cvsignore
index 9fb98574..49b88179 100644
--- a/modules/pam_group/.cvsignore
+++ b/modules/pam_group/.cvsignore
@@ -4,3 +4,6 @@
.libs
Makefile
Makefile.in
+README
+group.conf.5
+pam_group.8
diff --git a/modules/pam_group/README b/modules/pam_group/README
deleted file mode 100644
index 2e1e37a5..00000000
--- a/modules/pam_group/README
+++ /dev/null
@@ -1,45 +0,0 @@
-pam_group — PAM module for group access
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-The pam_group PAM module does not authenticate the user, but instead it grants
-group memberships (in the credential setting phase of the authentication
-module) to the user. Such memberships are based on the service they are
-applying for.
-
-By default rules for group memberships are taken from config file /etc/security
-/group.conf.
-
-This module's usefulness relies on the file-systems accessible to the user. The
-point being that once granted the membership of a group, the user may attempt
-to create a setgid binary with a restricted group ownership. Later, when the
-user is not given membership to this group, they can recover group membership
-with the precompiled binary. The reason that the file-systems that the user has
-access to are so significant, is the fact that when a system is mounted nosuid
-the user is unable to create or execute such a binary file. For this module to
-provide any level of security, all file-systems that the user has write access
-to should be mounted nosuid.
-
-The pam_group module fuctions in parallel with the /etc/group file. If the user
-is granted any groups based on the behavior of this module, they are granted in
-addition to those entries /etc/group (or equivalent).
-
-EXAMPLES
-
-These are some example lines which might be specified in /etc/security/
-group.conf.
-
-Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access to the
-floppy (through membership of the floppy group)
-
-xsh;tty*&!ttyp*;us;Al0000-2400;floppy
-
-Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access to
-games (through membership of the floppy group) after work hours.
-
-xsh; tty* ;sword;!Wk0900-1800;games, sound
-xsh; tty* ;*;Al0900-1800;floppy
-
-
diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
deleted file mode 100644
index 0e36ebf4..00000000
--- a/modules/pam_group/group.conf.5
+++ /dev/null
@@ -1,83 +0,0 @@
-.\" Title: group.conf
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/21/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-.\"
-.TH "GROUP.CONF" "5" "06/21/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-group.conf \- configuration file for the pam_group module
-.SH "DESCRIPTION"
-.PP
-The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user. Such memberships are based on the service they are applying for.
-.PP
-For this module to function correctly there must be a correctly formatted
-\fI/etc/security/group.conf\fR
-file present. White spaces are ignored and lines maybe extended with '\\' (escaped newlines). Text following a '#' is ignored to the end of the line.
-.PP
-The syntax of the lines is as follows:
-.PP
-
-\fIservices\fR;\fIttys\fR;\fIusers\fR;\fItimes\fR;\fIgroups\fR
-.PP
-The first field, the
-\fIservices\fR
-field, is a logic list of PAM service names that the rule applies to.
-.PP
-The second field, the
-\fItty\fR
-field, is a logic list of terminal names that this rule applies to.
-.PP
-The third field, the
-\fIusers\fR
-field, is a logic list of users or a netgroup of users to whom this rule applies.
-.PP
-For these items the simple wildcard '*' may be used only once. With netgroups no wildcards or logic operators are allowed.
-.PP
-The
-\fItimes\fR
-field is used to indicate "when" these groups are to be given to the user. The format here is a logic list of day/time\-range entries. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively. As a final example, AlFr means all days except Friday.
-.PP
-Each day/time\-range can be prefixed with a '!' to indicate "anything but". The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day).
-.PP
-The
-\fIgroups\fR
-field is a comma or space separated list of groups that the user inherits membership of. These groups are added if the previous fields are satisfied by the user's request.
-.PP
-For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process.
-.SH "EXAMPLES"
-.PP
-These are some example lines which might be specified in
-\fI/etc/security/group.conf\fR.
-.PP
-Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access to the floppy (through membership of the floppy group)
-.sp
-.RS 3n
-.nf
-xsh;tty*&!ttyp*;us;Al0000\-2400;floppy
-.fi
-.RE
-.PP
-Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access to games (through membership of the floppy group) after work hours.
-.sp
-.RS 3n
-.nf
-xsh; tty* ;sword;!Wk0900\-1800;games, sound
-xsh; tty* ;*;Al0900\-1800;floppy
-
-.fi
-.RE
-.SH "SEE ALSO"
-.PP
-
-\fBpam_group\fR(8),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_group was written by Andrew G. Morgan <morgan@kernel.org>.
diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
deleted file mode 100644
index 249d5683..00000000
--- a/modules/pam_group/pam_group.8
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" Title: pam_group
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
-.\" Date: 11/06/2007
-.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
-.\"
-.TH "PAM_GROUP" "8" "11/06/2007" "Linux-PAM Manual" "Linux-PAM Manual"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-pam_group - PAM module for group access
-.SH "SYNOPSIS"
-.HP 13
-\fBpam_group\.so\fR
-.SH "DESCRIPTION"
-.PP
-The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\. Such memberships are based on the service they are applying for\.
-.PP
-By default rules for group memberships are taken from config file
-\fI/etc/security/group\.conf\fR\.
-.PP
-This module\'s usefulness relies on the file\-systems accessible to the user\. The point being that once granted the membership of a group, the user may attempt to create a
-\fBsetgid\fR
-binary with a restricted group ownership\. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted
-\fInosuid\fR
-the user is unable to create or execute such a binary file\. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted
-\fInosuid\fR\.
-.PP
-The pam_group module fuctions in parallel with the
-\fI/etc/group\fR
-file\. If the user is granted any groups based on the behavior of this module, they are granted
-\fIin addition\fR
-to those entries
-\fI/etc/group\fR
-(or equivalent)\.
-.SH "OPTIONS"
-.PP
-This module does not recognise any options\.
-.SH "MODULE SERVICES PROVIDED"
-.PP
-Only the
-\fBauth\fR
-service is supported\.
-.SH "RETURN VALUES"
-.PP
-PAM_SUCCESS
-.RS 4
-group membership was granted\.
-.RE
-.PP
-PAM_ABORT
-.RS 4
-Not all relevant data could be gotten\.
-.RE
-.PP
-PAM_BUF_ERR
-.RS 4
-Memory buffer error\.
-.RE
-.PP
-PAM_CRED_ERR
-.RS 4
-Group membership was not granted\.
-.RE
-.PP
-PAM_IGNORE
-.RS 4
-
-\fBpam_sm_authenticate\fR
-was called which does nothing\.
-.RE
-.PP
-PAM_USER_UNKNOWN
-.RS 4
-The user is not known to the system\.
-.RE
-.SH "FILES"
-.PP
-\fI/etc/security/group\.conf\fR
-.RS 4
-Default configuration file
-.RE
-.SH "SEE ALSO"
-.PP
-
-\fBgroup.conf\fR(5),
-\fBpam.d\fR(8),
-\fBpam\fR(8)\.
-.SH "AUTHORS"
-.PP
-pam_group was written by Andrew G\. Morgan <morgan@kernel\.org>\.