2024-01-06 08:23:27 +01:00
##
## Note, to get this to work as it is currently typed you need
##
## 1. to run an application as root
## 2. add the following groups to the /etc/group file:
##    floppy, games, sound
##
#
# *** Please note that giving group membership on a session basis is
# *** NOT inherently secure. If a user can create an executable that
# *** is setgid a group that they are infrequently given membership
# *** of, they can basically obtain group membership any time they
# *** like. Example: games are allowed between the hours of 6pm and 6am
# *** user joe logs in at 7pm writes a small C-program toplay.c that
# *** invokes their favorite shell, compiles it and does
# *** "chgrp games toplay; chmod g+s toplay". They are basically able
# *** to play games any time... You have been warned. AGM
#
# this is an example configuration file for the pam_group module. Its
# syntax is based on that of the pam_time module and (at some point in
# the distant past) was inspired by the 'shadow' package
#
# the syntax of the lines is as follows:
#
#       services;ttys;users;times;groups
#
# white space is ignored and lines may be extended with '\\n' (escaped
# newlines). From reading these comments, it is clear that
# text following a '#' is ignored to the end of the line.
#
# the first four fields are described in the pam_time directory.
# The only difference for these is how the time field is interpreted:
# it is used to indicate "when" these groups are to be given to the user.
#
# groups
#       The (comma or space separated) list of groups that the user
#       inherits membership of. These groups are added if the previous
#       fields are satisfied by the user's request
#

#
# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
# the user 'us' is given access to the floppy (through membership of
# the floppy group)
#

#xsh;tty*&!ttyp*;us;Al0000-2400;floppy

#
# another example: running 'xsh' on tty* (any ttyXXX device),
# the user 'sword' is given access to games (through membership of
# the games and sound groups) after work hours
#

#xsh; tty* ;sword;!Wk0900-1800;games, sound
#xsh; tty* ;*;Al0900-1800;floppy

#
# End of group.conf file
#
kde;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
kde-np;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
lxdm;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
sshd;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
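# Added example, not part of the original group.conf or of the pam_group project: a Python audit for the
# setgid caveat in the warning above. It collects the groups that active rules can grant and lists
# setgid-executable files owned by those groups. Function names, the sample rule text and the "/home"
# scan root are assumptions made for this example.

```python
import grp
import os
import stat

def session_groups(conf_text):
    """Names of all groups that active (uncommented) rules can grant."""
    groups = set()
    # Escaped newlines continue a rule onto the next line.
    for line in conf_text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()  # '#' comments run to end of line
        fields = line.split(";")
        if len(fields) == 5:  # services;ttys;users;times;groups
            groups.update(fields[4].replace(",", " ").split())
    return groups

def resolve_gids(names):
    """Map gid -> name for groups present in the local group database."""
    gids = {}
    for name in names:
        try:
            gids[grp.getgrnam(name).gr_gid] = name
        except KeyError:
            pass  # group named in group.conf but not defined on this host
    return gids

def find_setgid(root, gids):
    """Regular files under root that are setgid-executable to one of gids."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable
            setgid_exec = st.st_mode & stat.S_ISGID and st.st_mode & stat.S_IXGRP
            if stat.S_ISREG(st.st_mode) and setgid_exec and st.st_gid in gids:
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample input: one commented and one active rule in this file's style.
    sample = ("#xsh; tty* ;*;Al0900-1800;floppy\n"
              "xsh; tty* ;sword;!Wk0900-1800;games, sound\n")
    gids = resolve_gids(session_groups(sample))
    for path, uid, gid in find_setgid("/home", gids):  # "/home" is an assumed scan root
        print(f"{path}: setgid {gids[gid]} (gid {gid}), owner uid {uid}")
```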