From 2a8b8f8a9322d075d8a991829fbe7f5c4ebbba7d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 1 Jun 2006 18:51:15 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2006-06-01 Thorsten Kukuk * modules/pam_group/Makefile.am: Include Make.xml.rules. * modules/pam_group/group.conf.5.xml: New. * modules/pam_group/group.conf.5: New, generated from xml file. * modules/pam_group/pam_group.8.xml: New. * modules/pam_group/pam_group.8: New, generated from xml file. * modules/pam_group/README.xml: New. * modules/pam_group/README: Regenerated from xml file. --- modules/pam_group/group.conf.5.xml | 130 +++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 modules/pam_group/group.conf.5.xml (limited to 'modules/pam_group/group.conf.5.xml') diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml new file mode 100644 index 00000000..036efb15 --- /dev/null +++ b/modules/pam_group/group.conf.5.xml 
@@ -0,0 +1,130 @@ + + + + + + + group.conf + 5 + Linux-PAM Manual + + + + group.conf + configuration file for the pam_group module + + + + DESCRIPTION + + + The pam_group PAM module does not authenticate the user, but instead + it grants group memberships (in the credential setting phase of the + authentication module) to the user. Such memberships are based on the + service they are applying for. + + + For this module to function correctly there must be a correctly + formatted /etc/security/groups.conf file present. + White spaces are ignored and lines maybe extended with '\' (escaped + newlines). Text following a '#' is ignored to the end of the line. + + + + The syntax of the lines is as follows: + + + + services;ttys;users;times;groups + + + + + The first field, the services field, is a logic list + of PAM service names that the rule applies to. + + + + The second field, the tty + field, is a logic list of terminal names that this rule applies to. + + + + The third field, the users + field, is a logic list of users or a netgroup of users to whom this + rule applies. + + + + For these items the simple wildcard '*' may be used only once. + With netgroups no wildcards or logic operators are allowed. + + + + The times field is used to indicate "when" + these groups are to be given to the user. The format here is a logic + list of day/time-range entries the days are specified by a sequence of + two character entries, MoTuSa for example is Monday Tuesday and Saturday. + Note that repeated days are unset MoMo = no day, and MoWk = all weekdays + bar Monday. The two character combinations accepted are Mo Tu We Th Fr Sa + Su Wk Wd Al, the last two being week-end days and all 7 days of the week + respectively. As a final example, AlFr means all days except Friday. + + + Each day/time-range can be prefixed with a '!' to indicate "anything but". 
+ The time-range part is two 24-hour times HHMM separated by a hyphen + indicating the start and finish time (if the finish time is smaller + than the start time it is deemed to apply on the following day). + + + + The groups field is a comma or space + separated list of groups that the user inherits membership of. These + groups are added if the previous fields are satisfied by the user's request. + + + + For a rule to be active, ALL of service+ttys+users must be satisfied + by the applying process. + + + + + EXAMPLES + + These are some example lines which might be specified in + /etc/security/group.conf. + + + + Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access + to the floppy (through membership of the floppy group) + + xsh;tty*&!ttyp*;us;Al0000-2400;floppy + + + Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access + to games (through membership of the floppy group) after work hours. + + xsh; tty* ;sword;!Wk0900-1800;games, sound + xsh; tty* ;*;Al0900-1800;floppy + + + + + SEE ALSO + + pam_group8, + pam.d5, + pam8 + + + + + AUTHORS + + pam_group was written by Andrew G. Morgan <morgan@kernel.org>. + + + -- cgit v1.2.3
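Review bot: The DESCRIPTION section names the file as /etc/security/groups.conf, while the page title and the EXAMPLES section both use group.conf. Since this is a path an administrator will copy, please make the DESCRIPTION read /etc/security/group.conf. The same sentence has "lines maybe extended", which should be "lines may be extended". In EXAMPLES, the second description says 'sword' gets access to games "(through membership of the floppy group)", but the rule it describes grants "games, sound". That text looks copied from the first example and should name the groups the rule actually grants. The following line, "xsh; tty* ;*;Al0900-1800;floppy", has no description at all, although it gives floppy to every user during those hours and deserves its own sentence. The first example is described as matching "any ttyXXX device" even though its tty field is "tty*&!ttyp*", so the exclusion of ttyp* should be stated. Finally, "ALL of service+ttys+users must be satisfied" leaves out the times field, while the groups paragraph says membership is added when "the previous fields" are satisfied. Please say explicitly whether times is part of the match, because readers will rely on this page to reason about when a group is granted.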