Diffstat (limited to 'modules/pam_sepermit/README')
1 files changed, 11 insertions, 14 deletions
diff --git a/modules/pam_sepermit/README b/modules/pam_sepermit/README
index 11429832..cd697bb9 100644
@@ -13,19 +13,15 @@ allowed access only when the SELinux is in enforcing mode. Otherwise he is
denied access. For users not matching any entry in the config file the
pam_sepermit module returns PAM_IGNORE return value.
-The config file contains a simple list of user names one per line. If the name
-is prefixed with @ character it means that all users in the group name match.
-If it is prefixed with a % character the SELinux user is used to match against
-the name instead of the account name. Note that when SELinux is disabled the
-SELinux user assigned to the account cannot be determined. This means that such
-entries are never matched when SELinux is disabled and pam_sepermit will return
-Each user name in the configuration file can have optional arguments separated
-by : character. The only currently recognized argument is exclusive. The
-pam_sepermit module will allow only single concurrent user session for the user
-with this argument specified and it will attempt to kill all processes of the
-user after logout.
+The config file contains a list of user names one per line with optional
+arguments. If the name is prefixed with @ character it means that all users in
+the group name match. If it is prefixed with a % character the SELinux user is
+used to match against the name instead of the account name. Note that when
+SELinux is disabled the SELinux user assigned to the account cannot be
+determined. This means that such entries are never matched when SELinux is
+disabled and pam_sepermit will return PAM_IGNORE.
+See sepermit.conf(5) for details.
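Review bot: the rewritten paragraph mentions "optional arguments" but no longer names the exclusive argument or says what it does, so someone reading only the README will not learn that it restricts the user to a single concurrent session and attempts to kill all of the user's processes after logout. An administrator should know about that behaviour before adding an entry, so consider keeping one sentence on exclusive next to the "See sepermit.conf(5) for details." pointer. It would also help to say that PAM_IGNORE for % entries with SELinux disabled means the module makes no decision for that user, leaving the result to the rest of the stack. Minor wording: "prefixed with @ character" reads better as "prefixed with the @ character".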
@@ -47,5 +43,6 @@ session required pam_permit.so
-pam_sepermit was written by Tomas Mraz <firstname.lastname@example.org>.
+pam_sepermit and this manual page were written by Tomas Mraz
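Review bot: the added line says "this manual page", but the file changed here is modules/pam_sepermit/README, so the wording does not fit this file unless the README is meant to mirror the man page text verbatim; otherwise "this documentation" would be accurate in both places. The removed line ended with the author's address and a period, while the visible added line stops at "Tomas Mraz", so please check that the continuation line still carries the contact address and closes the sentence.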