##
## Note, to get this to work as it is currently typed you need
##
## 1. to run an application as root
## 2. add the following groups to the /etc/group file:
##      floppy, games, sound
##
#
# *** Please note that giving group membership on a session basis is
# *** NOT inherently secure. If a user can create an executable that
# *** is setgid a group that they are infrequently given membership
# *** of, they can basically obtain group membership any time they
# *** like. Example: games are allowed between the hours of 6pm and 6am
# *** user joe logs in at 7pm writes a small C-program toplay.c that
# *** invokes their favorite shell, compiles it and does
# *** "chgrp games toplay; chmod g+s toplay". They are basically able
# *** to play games any time... You have been warned. AGM
#
# this is an example configuration file for the pam_group module. Its
# syntax is based on that of the pam_time module and (at some point in
# the distant past was inspired by the 'shadow' package)
#
# the syntax of the lines is as follows:
#
#       services;ttys;users;times;groups
#
# white space is ignored and lines may be extended with '\\n' (escaped
# newlines). From reading these comments, it is clear that
# text following a '#' is ignored to the end of the line.
#
# the first four fields are described in the pam_time directory.
# The only difference for these is how the time field is interpreted:
# it is used to indicate "when" these groups are to be given to the user.
#
# groups
#       The (comma or space separated) list of groups that the user
#       inherits membership of. These groups are added if the previous
#       fields are satisfied by the user's request
#

#
# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
# the user 'us' is given access to the floppy (through membership of
# the floppy group)
#

#xsh;tty*&!ttyp*;us;Al0000-2400;floppy

#
# another example: running 'xsh' on tty* (any ttyXXX device),
# the user 'sword' is given access to games (through membership of
# the games and sound groups) after work hours
#

#xsh; tty* ;sword;!Wk0900-1800;games, sound
#xsh; tty* ;*;Al0900-1800;floppy

#
# End of group.conf file
#

kde;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
kde-np;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
lxdm;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
sshd;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,uucp,lp
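
The warning at the top of this file can be turned into an audit check. The following is an added example, not part of the original file or of the pam_group project: it parses rules in the services;ttys;users;times;groups syntax described above, collects the groups handed out per session, and lists regular files that are setgid to one of them. The function names and the sample rules are assumptions made for illustration, and the parser is a simplified reading of the syntax.

```python
import grp, os, stat

# Constructed sample in the page's services;ttys;users;times;groups syntax.
SAMPLE = r"""
xsh; tty* ;sword;!Wk0900-1800;games, sound   # after work hours
sshd;*;*;Al0000-2400;audio,video,\
floppy
"""

def parse_group_conf(text):
    """Parse group.conf text into rule dicts (simplified reading of the syntax)."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():  # join escaped newlines
        line = raw.split("#", 1)[0].strip()             # '#' starts a comment
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != 5:
            raise ValueError(f"expected 5 fields: {raw!r}")
        rule = dict(zip(("services", "ttys", "users", "times"), fields))
        rule["groups"] = fields[4].replace(",", " ").split()
        rules.append(rule)
    return rules

def session_groups(rules):
    """Every group that some rule hands out on a per-session basis."""
    return {g for r in rules for g in r["groups"]}

def is_setgid_to(mode, gid, gids):
    """True for a regular file carrying the setgid bit for one of gids."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISGID) and gid in gids

def find_setgid_files(root, group_names):
    """List regular files under root that are setgid to a session-granted group."""
    gids = set()
    for name in group_names:
        try:
            gids.add(grp.getgrnam(name).gr_gid)
        except KeyError:
            pass                                        # group not defined on this host
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if is_setgid_to(st.st_mode, st.st_gid, gids):
                hits.append(path)
    return hits
```

Run find_setgid_files over user-writable trees with the output of session_groups; any hit is a file that keeps a session-granted group available outside the times the rule allows.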