Diffstat (limited to 'Linux-PAM/modules/pam_group/group.conf')
-rw-r--r-- Linux-PAM/modules/pam_group/group.conf 69
1 files changed, 54 insertions, 15 deletions
diff --git a/Linux-PAM/modules/pam_group/group.conf b/Linux-PAM/modules/pam_group/group.conf
index e721b990..d4a10672 100644
--- a/Linux-PAM/modules/pam_group/group.conf
+++ b/Linux-PAM/modules/pam_group/group.conf
@@ -1,10 +1,7 @@
-##
-## Note, to get this to work as it is currently typed you need
-##
-## 1. to run an application as root
-## 2. add the following groups to the /etc/group file:
-## floppy, games, sound
-##
+#
+# This is the configuration file for the pam_group module.
+#
+
#
# *** Please note that giving group membership on a session basis is
# *** NOT inherently secure. If a user can create an executable that
@@ -16,11 +13,9 @@
# *** "chgrp games toplay; chmod g+s toplay". They are basically able
# *** to play games any time... You have been warned. AGM
#
-# this is an example configuration file for the pam_group module. Its
-# syntax is based on that of the pam_time module and (at some point in
-# the distant past was inspired by the 'shadow' package)
+
#
-# the syntax of the lines is as follows:
+# The syntax of the lines is as follows:
#
# services;ttys;users;times;groups
#
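Review bot: Removing "Its syntax is based on that of the pam_time module" at the top of this hunk drops the file's statement that the two modules share a syntax. The field descriptions are now written out in this file, so consider keeping a one-line pointer to pam_time so the two descriptions are kept in step when either one changes.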
@@ -28,15 +23,59 @@
# newlines). From reading these comments, it is clear that
# text following a '#' is ignored to the end of the line.
#
-# the first four fields are described in the pam_time directory.
-# The only difference for these is how the time field is interpretted:
-# it is used to indicate "when" these groups are to be given to the user.
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+# is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+# is a logic list of terminal names that this rule applies to.
+#
+# users
+# is a logic list of users or a netgroup of users to whom this
+# rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+# With netgroups no wildcards or logic operators are allowed.
+#
+# times
+# It is used to indicate "when" these groups are to be given to the
+# user. The format here is a logic list of day/time-range
+# entries the days are specified by a sequence of two character
+# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+# that repeated days are unset MoMo = no day, and MoWk = all weekdays
+# bar Monday. The two character combinations accepted are
+#
+# Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+# the last two being week-end days and all 7 days of the week
+# respectively. As a final example, AlFr means all days except Friday.
+#
+# Each day/time-range can be prefixed with a '!' to indicate "anything
+# but"
+#
+# The time-range part is two 24-hour times HHMM separated by a hyphen
+# indicating the start and finish time (if the finish time is smaller
+# than the start time it is deemed to apply on the following day).
#
# groups
-# The (comma or space separated) list of groups that the user
+# The (comma or space separated) list of groups that the user
# inherits membership of. These groups are added if the previous
# fields are satisfied by the user's request
#
+# For a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Note, to get this to work as it is currently typed you need
+#
+# 1. to run an application as root
+# 2. add the following groups to the /etc/group file:
+# floppy, games, sound
+#
#
# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
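Review bot: The added summary "For a rule to be active, ALL of service+ttys+users must be satisfied" leaves out the times field, although the new times paragraph says it decides "when" the groups are given. State explicitly whether a rule whose service, tty and user match but whose time does not still grants the groups, since an admin reading only the summary could assume it does. In the same paragraph Wk appears in "MoWk = all weekdays bar Monday" but only Wd and Al are defined ("the last two being week-end days and all 7 days"), so define Wk too. Because repeated days cancel out (MoMo, AlFr), a short caution that combining codes can remove days rather than add them would help avoid granting groups on unintended days. Minor: the added text opens with lowercase "the combination of ..." while this patch capitalises "The syntax of the lines", "entries the days are specified" needs a full stop, and the relocated note ends in "+#" directly before an existing "#", leaving two bare comment lines in a row.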