diff options
Diffstat (limited to 'Linux-PAM/modules/pam_group/group.conf.5.xml')
-rw-r--r-- | Linux-PAM/modules/pam_group/group.conf.5.xml | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/Linux-PAM/modules/pam_group/group.conf.5.xml b/Linux-PAM/modules/pam_group/group.conf.5.xml deleted file mode 100644 index 9c008eb0..00000000 --- a/Linux-PAM/modules/pam_group/group.conf.5.xml +++ /dev/null @@ -1,131 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="group.conf"> - - <refmeta> - <refentrytitle>group.conf</refentrytitle> - <manvolnum>5</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv> - <refname>group.conf</refname> - <refpurpose>configuration file for the pam_group module</refpurpose> - </refnamediv> - - <refsect1 id='group.conf-description'> - <title>DESCRIPTION</title> - - <para> - The pam_group PAM module does not authenticate the user, but instead - it grants group memberships (in the credential setting phase of the - authentication module) to the user. Such memberships are based on the - service they are applying for. - </para> - <para> - For this module to function correctly there must be a correctly - formatted <filename>/etc/security/group.conf</filename> file present. - White spaces are ignored and lines maybe extended with '\' (escaped - newlines). Text following a '#' is ignored to the end of the line. - </para> - - <para> - The syntax of the lines is as follows: - </para> - - <para> - <replaceable>services</replaceable>;<replaceable>ttys</replaceable>;<replaceable>users</replaceable>;<replaceable>times</replaceable>;<replaceable>groups</replaceable> - </para> - - - <para> - The first field, the <replaceable>services</replaceable> field, is a logic list - of PAM service names that the rule applies to. - </para> - - <para> - The second field, the <replaceable>tty</replaceable> - field, is a logic list of terminal names that this rule applies to. - </para> - - <para> - The third field, the <replaceable>users</replaceable> - field, is a logic list of users or a netgroup of users to whom this - rule applies. - </para> - - <para> - For these items the simple wildcard '*' may be used only once. - With netgroups no wildcards or logic operators are allowed. - </para> - - <para> - The <replaceable>times</replaceable> field is used to indicate "when" - these groups are to be given to the user. The format here is a logic - list of day/time-range entries. The days are specified by a sequence of - two character entries, MoTuSa for example is Monday Tuesday and Saturday. - Note that repeated days are unset MoMo = no day, and MoWk = all weekdays - bar Monday. The two character combinations accepted are Mo Tu We Th Fr Sa - Su Wk Wd Al, the last two being week-end days and all 7 days of the week - respectively. As a final example, AlFr means all days except Friday. - </para> - <para> - Each day/time-range can be prefixed with a '!' to indicate "anything but". - The time-range part is two 24-hour times HHMM, separated by a hyphen, - indicating the start and finish time (if the finish time is smaller - than the start time it is deemed to apply on the following day). - </para> - - <para> - The <replaceable>groups</replaceable> field is a comma or space - separated list of groups that the user inherits membership of. These - groups are added if the previous fields are satisfied by the user's request. - </para> - - <para> - For a rule to be active, ALL of service+ttys+users must be satisfied - by the applying process. - </para> - </refsect1> - - <refsect1 id="group.conf-examples"> - <title>EXAMPLES</title> - <para> - These are some example lines which might be specified in - <filename>/etc/security/group.conf</filename>. - </para> - - <para> - Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access - to the floppy (through membership of the floppy group) - </para> - <programlisting>xsh;tty*&!ttyp*;us;Al0000-2400;floppy</programlisting> - - <para> - Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access - to games (through membership of the floppy group) after work hours. - </para> - <programlisting> -xsh; tty* ;sword;!Wk0900-1800;games, sound -xsh; tty* ;*;Al0900-1800;floppy - </programlisting> - </refsect1> - - <refsect1 id="group.conf-see_also"> - <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>pam_group</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry> - </para> - </refsect1> - - <refsect1 id="group.conf-author"> - <title>AUTHOR</title> - <para> - pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - </para> - </refsect1> -</refentry> |