path: root/Linux-PAM/modules/pam_access/access.conf.5
Diffstat (limited to 'Linux-PAM/modules/pam_access/access.conf.5')
-rw-r--r-- Linux-PAM/modules/pam_access/access.conf.5 | 92
1 files changed, 46 insertions, 46 deletions
diff --git a/Linux-PAM/modules/pam_access/access.conf.5 b/Linux-PAM/modules/pam_access/access.conf.5
index fcd33bb4..9b8fb70b 100644
--- a/Linux-PAM/modules/pam_access/access.conf.5
+++ b/Linux-PAM/modules/pam_access/access.conf.5
@@ -1,32 +1,32 @@
.\" Title: access.conf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: 06/22/2007
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 01/08/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
.\"
-.TH "ACCESS.CONF" "5" "06/22/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS\.CONF" "5" "01/08/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
-access.conf \- the login access control table file
+access.conf - the login access control table file
.SH "DESCRIPTION"
.PP
The
-\fI/etc/security/access.conf\fR
+\fI/etc/security/access\.conf\fR
file specifies (\fIuser/group\fR,
\fIhost\fR), (\fIuser/group\fR,
\fInetwork/netmask\fR) or (\fIuser/group\fR,
-\fItty\fR) combinations for which a login will be either accepted or refused.
+\fItty\fR) combinations for which a login will be either accepted or refused\.
.PP
When someone logs in, the file
-\fIaccess.conf\fR
+\fIaccess\.conf\fR
is scanned for the first entry that matches the (\fIuser/group\fR,
\fIhost\fR) or (\fIuser/group\fR,
\fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR,
-\fItty\fR) combination. The permissions field of that table entry determines whether the login will be accepted or refused.
+\fItty\fR) combination\. The permissions field of that table entry determines whether the login will be accepted or refused\.
.PP
Each line of the login access control table has three fields separated by a ":" character (colon):
.PP
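Review bot: the new .TH line is inconsistent with itself. Its fourth argument becomes "Linux-PAM Manual" with a bare hyphen while the fifth stays "Linux\-PAM Manual", and the title is escaped as "ACCESS\.CONF" while the NAME line keeps "access.conf" unescaped and swaps `\-` for a bare `-`. The header comment shows the file is generated (DocBook XSL Stylesheets v1.71.1 to v1.73.1), so this should not be fixed by hand here. The commit message should say the page was regenerated with the newer stylesheet, so that the 46 insertions and 46 deletions in the diffstat are understood as escaping and date churn rather than a change to the documented access rules.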
@@ -35,92 +35,92 @@ Each line of the login access control table has three fields separated by a ":"
.PP
The first field, the
\fIpermission\fR
-field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied.
+field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\.
.PP
The second field, the
\fIusers\fR/\fIgroup\fR
field, should be a list of one or more login names, group names, or
\fIALL\fR
-(which always matches). To differentiate user entries from group entries, group entries should be written with brackets, e.g.
-\fI(group)\fR.
+(which always matches)\. To differentiate user entries from group entries, group entries should be written with brackets, e\.g\.
+\fI(group)\fR\.
.PP
The third field, the
\fIorigins\fR
-field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
+field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\."), host addresses, internet network numbers (end with "\."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also),
\fIALL\fR
(which always matches) or
\fILOCAL\fR
-(which matches any string that does not contain a "." character). If supported by the system you can use
+(which matches any string that does not contain a "\." character)\. If supported by the system you can use
\fI@netgroupname\fR
-in host or user patterns.
+in host or user patterns\.
.PP
The
\fIEXCEPT\fR
-operator makes it possible to write very compact rules.
+operator makes it possible to write very compact rules\.
.PP
If the
\fBnodefgroup\fR
-is not set, the group file is searched when a name does not match that of the logged\-in user. Only groups are matched in which users are explicitly listed. However the PAM module does not look at the primary group id of a user.
+is not set, the group file is searched when a name does not match that of the logged\-in user\. Only groups are matched in which users are explicitly listed\. However the PAM module does not look at the primary group id of a user\.
.PP
-The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line.
+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\.
.SH "EXAMPLES"
.PP
These are some example lines which might be specified in
-\fI/etc/security/access.conf\fR.
+\fI/etc/security/access\.conf\fR\.
.PP
User
\fIroot\fR
should be allowed to get access via
\fIcron\fR, X11 terminal
\fI:0\fR,
-\fItty1\fR, ...,
+\fItty1\fR, \.\.\.,
\fItty5\fR,
-\fItty6\fR.
+\fItty6\fR\.
.PP
+ : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6
.PP
User
\fIroot\fR
-should be allowed to get access from hosts which own the IPv4 addresses. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too.
+should be allowed to get access from hosts which own the IPv4 addresses\. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\.
.PP
-+ : root : 192.168.200.1 192.168.200.4 192.168.200.9
++ : root : 192\.168\.200\.1 192\.168\.200\.4 192\.168\.200\.9
.PP
-+ : root : 127.0.0.1
++ : root : 127\.0\.0\.1
.PP
User
\fIroot\fR
should get access from network
-192.168.201.
-where the term will be evaluated by string matching. But it might be better to use network/netmask instead. The same meaning of
-192.168.201.
+192\.168\.201\.
+where the term will be evaluated by string matching\. But it might be better to use network/netmask instead\. The same meaning of
+192\.168\.201\.
is
-\fI192.168.201.0/24\fR
+\fI192\.168\.201\.0/24\fR
or
-\fI192.168.201.0/255.255.255.0\fR.
+\fI192\.168\.201\.0/255\.255\.255\.0\fR\.
.PP
-+ : root : 192.168.201.
++ : root : 192\.168\.201\.
.PP
User
\fIroot\fR
should be able to have access from hosts
-\fIfoo1.bar.org\fR
+\fIfoo1\.bar\.org\fR
and
-\fIfoo2.bar.org\fR
-(uses string matching also).
+\fIfoo2\.bar\.org\fR
+(uses string matching also)\.
.PP
-+ : root : foo1.bar.org foo2.bar.org
++ : root : foo1\.bar\.org foo2\.bar\.org
.PP
User
\fIroot\fR
should be able to have access from domain
-\fIfoo.bar.org\fR
-(uses string matching also).
+\fIfoo\.bar\.org\fR
+(uses string matching also)\.
.PP
-+ : root : .foo.bar.org
++ : root : \.foo\.bar\.org
.PP
User
\fIroot\fR
-should be denied to get access from all other sources.
+should be denied to get access from all other sources\.
.PP
\- : root : ALL
.PP
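Review bot: the 192.168.201. example contradicts the advice given just before it. The text says the term "will be evaluated by string matching" and that "it might be better to use network/netmask instead", yet the only rule shown afterwards is still the string-matched `+ : root : 192\.168\.201\.`. Since these lines are being touched anyway, add the recommended form (192.168.201.0/24, which the text already names as equivalent) as an example rule in the DocBook source and regenerate. The same applies to the wording on the touched IPv4 line ("the connection have to be a IPv4 one ... one of this IPv4 addresses"), which is carried over unchanged. Also note that the example rules now contain roff escapes in the source, so a rule copied from access.conf.5 directly rather than from the rendered page picks up backslashes that are not part of the pattern the text describes.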
@@ -128,7 +128,7 @@ User
\fIfoo\fR
and members of netgroup
\fIadmins\fR
-should be allowed to get access from all sources. This will only work if netgroup service is available.
+should be allowed to get access from all sources\. This will only work if netgroup service is available\.
.PP
+ : @admins foo : ALL
.PP
@@ -136,21 +136,21 @@ User
\fIjohn\fR
and
\fIfoo\fR
-should get access from IPv6 host address.
+should get access from IPv6 host address\.
.PP
+ : john foo : 2001:4ca0:0:101::1
.PP
User
\fIjohn\fR
-should get access from IPv6 net/mask.
+should get access from IPv6 net/mask\.
.PP
+ : john : 2001:4ca0:0:101::/64
.PP
-Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group.
+Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\.
.PP
\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
.PP
-All other users should be denied to get access from all sources.
+All other users should be denied to get access from all sources\.
.PP
\- : ALL : ALL
.SH "SEE ALSO"
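Review bot: the wheel example in this hunk is missing the caveat that the DESCRIPTION in this same file states. The rule `\-:ALL EXCEPT (wheel) shutdown sync:LOCAL` is introduced as exempting accounts "which are a member of the wheel group", but the DESCRIPTION says only groups in which users are explicitly listed are matched and that the module "does not look at the primary group id of a user". By that statement an account whose only wheel membership is its primary group is not covered by the exception and falls under the deny. The example text should say so, because an administrator reading only the EXAMPLES section could otherwise lock such an account out of the console. The introductory sentence ("all but the shutdown, sync and all other accounts, which are a member of the wheel group") is also hard to parse and could be reworded in the DocBook source at the same time.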
@@ -165,6 +165,6 @@ Original
\fBlogin.access\fR(5)
manual was provided by Guido van Rooij which was renamed to
\fBaccess.conf\fR(5)
-to reflect relation to default config file.
+to reflect relation to default config file\.
.PP
-Network address / netmask description and example text was introduced by Mike Becher <mike.becher@lrz\-muenchen.de>.
+Network address / netmask description and example text was introduced by Mike Becher <mike\.becher@lrz\-muenchen\.de>\.