diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 19:03:53 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 19:03:53 -0800 |
commit | aa0448336a79d85579464f023ac87675be60abfc (patch) | |
tree | 6a460a8e09fca6fc470649aa0fe129f87d0ecb01 /modules/pam_sepermit/README | |
parent | 212b52cf29c06cc209bc8ac0540dbab1acdf1464 (diff) | |
parent | 2c201a306eb3945da808df4daf8c57895197a225 (diff) |
New upstream version 1.1.1
Diffstat (limited to 'modules/pam_sepermit/README')
-rw-r--r-- | modules/pam_sepermit/README | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/modules/pam_sepermit/README b/modules/pam_sepermit/README index 11429832..cd697bb9 100644 --- a/modules/pam_sepermit/README +++ b/modules/pam_sepermit/README @@ -13,19 +13,15 @@ allowed access only when the SELinux is in enforcing mode. Otherwise he is denied access. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value. -The config file contains a simple list of user names one per line. If the name -is prefixed with @ character it means that all users in the group name match. -If it is prefixed with a % character the SELinux user is used to match against -the name instead of the account name. Note that when SELinux is disabled the -SELinux user assigned to the account cannot be determined. This means that such -entries are never matched when SELinux is disabled and pam_sepermit will return -PAM_IGNORE. - -Each user name in the configuration file can have optional arguments separated -by : character. The only currently recognized argument is exclusive. The -pam_sepermit module will allow only single concurrent user session for the user -with this argument specified and it will attempt to kill all processes of the -user after logout. +The config file contains a list of user names one per line with optional +arguments. If the name is prefixed with @ character it means that all users in +the group name match. If it is prefixed with a % character the SELinux user is +used to match against the name instead of the account name. Note that when +SELinux is disabled the SELinux user assigned to the account cannot be +determined. This means that such entries are never matched when SELinux is +disabled and pam_sepermit will return PAM_IGNORE. + +See sepermit.conf(5) for details. OPTIONS @@ -47,5 +43,6 @@ session required pam_permit.so AUTHOR -pam_sepermit was written by Tomas Mraz <tmraz@redhat.com>. +pam_sepermit and this manual page were written by Tomas Mraz +<tmraz@redhat.com>. |