From 9f26c65fb1009c51dbc53d8b590041d81e60809b Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 11 May 2016 15:22:33 +0200 Subject: Remove spaces in examples for access.conf. The spaces are ignored only with the default listsep. To remove confusion if non-default listsep is used they are removed from the examples. * modules/pam_access/access.conf: Remove all spaces around ':' in examples. * modules/pam_access/access.conf.5.xml: Likewise. --- modules/pam_access/access.conf | 28 ++++++++++++++-------------- modules/pam_access/access.conf.5.xml | 22 +++++++++++----------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf index 74c5fbe8..47b6b84c 100644 --- a/modules/pam_access/access.conf +++ b/modules/pam_access/access.conf @@ -18,7 +18,7 @@ # pam_access with X applications that provide PAM_TTY values that are # the display variable like "host:0".] # -# permission : users : origins +# permission:users:origins # # The first field should be a "+" (access granted) or "-" (access denied) # character. @@ -79,44 +79,44 @@ ############################################################################## # # User "root" should be allowed to get access via cron .. tty5 tty6. -#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 +#+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 # # User "root" should be allowed to get access from hosts with ip addresses. -#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9 -#+ : root : 127.0.0.1 +#+:root:192.168.200.1 192.168.200.4 192.168.200.9 +#+:root:127.0.0.1 # # User "root" should get access from network 192.168.201. # This term will be evaluated by string matching. # comment: It might be better to use network/netmask instead. # The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0 -#+ : root : 192.168.201. +#+:root:192.168.201. # # User "root" should be able to have access from domain. # Uses string matching also. -#+ : root : .foo.bar.org +#+:root:.foo.bar.org # # User "root" should be denied to get access from all other sources. -#- : root : ALL +#-:root:ALL # # User "foo" and members of netgroup "nis_group" should be # allowed to get access from all sources. # This will only work if netgroup service is available. -#+ : @nis_group foo : ALL +#+:@nis_group foo:ALL # # User "john" should get access from ipv4 net/mask -#+ : john : 127.0.0.0/24 +#+:john:127.0.0.0/24 # # User "john" should get access from ipv4 as ipv6 net/mask -#+ : john : ::ffff:127.0.0.0/127 +#+:john:::ffff:127.0.0.0/127 # # User "john" should get access from ipv6 host address -#+ : john : 2001:4ca0:0:101::1 +#+:john:2001:4ca0:0:101::1 # # User "john" should get access from ipv6 host address (same as above) -#+ : john : 2001:4ca0:0:101:0:0:0:1 +#+:john:2001:4ca0:0:101:0:0:0:1 # # User "john" should get access from ipv6 net/mask -#+ : john : 2001:4ca0:0:101::/64 +#+:john:2001:4ca0:0:101::/64 # # All other users should be denied to get access from all sources. -#- : ALL : ALL +#-:ALL:ALL diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml index d686d92b..7ae512e5 100644 --- a/modules/pam_access/access.conf.5.xml +++ b/modules/pam_access/access.conf.5.xml @@ -139,7 +139,7 @@ tty1, ..., tty5, tty6. - + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6 + +:root:crond :0 tty1 tty2 tty3 tty4 tty5 tty6 User root should be allowed to get access from @@ -147,8 +147,8 @@ connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too. - + : root : 192.168.200.1 192.168.200.4 192.168.200.9 - + : root : 127.0.0.1 + +:root:192.168.200.1 192.168.200.4 192.168.200.9 + +:root:127.0.0.1 User root should get access from network @@ -158,44 +158,44 @@ 192.168.201.0/24 or 192.168.201.0/255.255.255.0. - + : root : 192.168.201. + +:root:192.168.201. User root should be able to have access from hosts foo1.bar.org and foo2.bar.org (uses string matching also). - + : root : foo1.bar.org foo2.bar.org + +:root:foo1.bar.org foo2.bar.org User root should be able to have access from domain foo.bar.org (uses string matching also). - + : root : .foo.bar.org + +:root:.foo.bar.org User root should be denied to get access from all other sources. - - : root : ALL + -:root:ALL User foo and members of netgroup admins should be allowed to get access from all sources. This will only work if netgroup service is available. - + : @admins foo : ALL + +:@admins foo:ALL User john and foo should get access from IPv6 host address. - + : john foo : 2001:db8:0:101::1 + +:john foo:2001:db8:0:101::1 User john should get access from IPv6 net/mask. - + : john : 2001:db8:0:101::/64 + +:john:2001:db8:0:101::/64 Disallow console logins to all but the shutdown, sync and all @@ -206,7 +206,7 @@ All other users should be denied to get access from all sources. - - : ALL : ALL + -:ALL:ALL -- cgit v1.2.3