diff options
Diffstat (limited to 'modules/pam_group/group.conf')
| -rw-r--r-- | modules/pam_group/group.conf | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/modules/pam_group/group.conf b/modules/pam_group/group.conf deleted file mode 100644 index e721b990..00000000 --- a/modules/pam_group/group.conf +++ /dev/null @@ -1,60 +0,0 @@ -## -## Note, to get this to work as it is currently typed you need -## -## 1. to run an application as root -## 2. add the following groups to the /etc/group file: -## floppy, games, sound -## -# -# *** Please note that giving group membership on a session basis is -# *** NOT inherently secure. If a user can create an executable that -# *** is setgid a group that they are infrequently given membership -# *** of, they can basically obtain group membership any time they -# *** like. Example: games are allowed between the hours of 6pm and 6am -# *** user joe logs in at 7pm writes a small C-program toplay.c that -# *** invokes their favorite shell, compiles it and does -# *** "chgrp games toplay; chmod g+s toplay". They are basically able -# *** to play games any time... You have been warned. AGM -# -# this is an example configuration file for the pam_group module. Its -# syntax is based on that of the pam_time module and (at some point in -# the distant past was inspired by the 'shadow' package) -# -# the syntax of the lines is as follows: -# -# services;ttys;users;times;groups -# -# white space is ignored and lines maybe extended with '\\n' (escaped -# newlines). From reading these comments, it is clear that -# text following a '#' is ignored to the end of the line. -# -# the first four fields are described in the pam_time directory. -# The only difference for these is how the time field is interpretted: -# it is used to indicate "when" these groups are to be given to the user. -# -# groups -# The (comma or space separated) list of groups that the user -# inherits membership of. These groups are added if the previous -# fields are satisfied by the user's request -# - -# -# Here is a simple example: running 'xsh' on tty* (any ttyXXX device), -# the user 'us' is given access to the floppy (through membership of -# the floppy group) -# - -#xsh;tty*&!ttyp*;us;Al0000-2400;floppy - -# -# another example: running 'xsh' on tty* (any ttyXXX device), -# the user 'sword' is given access to games (through membership of -# the floppy group) after work hours -# - -#xsh; tty* ;sword;!Wk0900-1800;games, sound -#xsh; tty* ;*;Al0900-1800;floppy - -# -# End of group.conf file -# |