summaryrefslogtreecommitdiff
path: root/modules/pam_tty_audit/pam_tty_audit.8.xml
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2017-06-28 15:52:16 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2017-06-28 15:52:16 +0200
commit62058c50abd7df7769fd4e152488197b7e4e2054 (patch)
tree88ad63a03d3114086a403721900a15ed65613222 /modules/pam_tty_audit/pam_tty_audit.8.xml
parent7d0c508a52ebc9c702e1b6e66f46e4a6dc028c4a (diff)
pam_tty_audit: Support matching users by uid range.
* modules/pam_tty_audit/pam_tty_audit.c (parse_uid_range): New function to parse the uid range. (pam_sm_open_session): Call parse_uid_range() and behave according to its result. * modules/pam_tty_audit/pam_tty_audit.8.xml: Document the uid range matching.
Diffstat (limited to 'modules/pam_tty_audit/pam_tty_audit.8.xml')
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.8.xml26
1 files changed, 18 insertions, 8 deletions
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index 552353ce..59a3406d 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -44,10 +44,10 @@
</term>
<listitem>
<para>
- For each user matching one of comma-separated glob
- <option><replaceable>patterns</replaceable></option>, disable
- TTY auditing. This overrides any previous <option>enable</option>
- option matching the same user name on the command line.
+ For each user matching <option><replaceable>patterns</replaceable></option>,
+ disable TTY auditing. This overrides any previous <option>enable</option>
+ option matching the same user name on the command line. See NOTES
+ for further description of <option><replaceable>patterns</replaceable></option>.
</para>
</listitem>
</varlistentry>
@@ -57,10 +57,10 @@
</term>
<listitem>
<para>
- For each user matching one of comma-separated glob
- <option><replaceable>patterns</replaceable></option>, enable
- TTY auditing. This overrides any previous <option>disable</option>
- option matching the same user name on the command line.
+ For each user matching <option><replaceable>patterns</replaceable></option>,
+ enable TTY auditing. This overrides any previous <option>disable</option>
+ option matching the same user name on the command line. See NOTES
+ for further description of <option><replaceable>patterns</replaceable></option>.
</para>
</listitem>
</varlistentry>
@@ -139,6 +139,16 @@
To view the data that was logged by the kernel to audit use
the command <command>aureport --tty</command>.
</para>
+ <para>
+ The <option><replaceable>patterns</replaceable></option> are comma separated
+ lists of glob patterns or ranges of uids. A range is specified as
+ <replaceable>min_uid</replaceable>:<replaceable>max_uid</replaceable> where
+ one of these values can be empty. If <replaceable>min_uid</replaceable> is
+ empty only user with the uid <replaceable>max_uid</replaceable> will be
+ matched. If <replaceable>max_uid</replaceable> is empty users with the uid
+ greater than or equal to <replaceable>min_uid</replaceable> will be
+ matched.
+ </para>
</refsect1>
<refsect1 id='pam_tty_audit-examples'>