TERMINAL FM // security

EDITOR
/etc/security/group.conf
#
# This is the configuration file for the pam_group module.
#

#
# *** Please note that giving group membership on a session basis is
# *** NOT inherently secure. If a user can create an executable that
# *** is setgid a group that they are infrequently given membership
# *** of, they can basically obtain group membership any time they
# *** like. Example: games are allowed between the hours of 6pm and 6am
# *** user joe logs in at 7pm writes a small C-program toplay.c that
# *** invokes their favorite shell, compiles it and does
# *** "chgrp play toplay; chmod g+s toplay". They are basically able
# *** to play games any time... You have been warned. AGM
#

#
# The syntax of the lines is as follows:
#
#       services;ttys;users;times;groups
#
# white space is ignored and lines maybe extended with '\\n' (escaped
# newlines). From reading these comments, it is clear that
# text following a '#' is ignored to the end of the line.
#
# the combination of individual users/terminals etc is a logic list
# namely individual tokens that are optionally prefixed with '!' (logical
# not) and separated with '&' (logical and) and '|' (logical or).
#
# services
#       is a logic list of PAM service names that the rule applies to.
#
# ttys
#       is a logic list of terminal names that this rule applies to.
#
# users
#       is a logic list of users or a netgroup of users to whom this
#       rule applies.
#
# NB. For these items the simple wildcard '*' may be used only once.
#     With netgroups no wildcards or logic operators are allowed.
#
# times
#       It is used to indicate "when" these groups are to be given to the
#       user. The format here is a logic list of day/time-range
#       entries the days are specified by a sequence of two character
#       entries, MoTuSa for example is Monday Tuesday and Saturday. Note
#       that repeated days are unset MoMo = no day, and MoWk = all weekdays
#       bar Monday. The two character combinations accepted are
#
#               Mo Tu We Th Fr Sa Su Wk Wd Al
#
#       the last two being week-end days and all 7 days of the week
#       respectively. As a final example, AlFr means all days except Friday.
#
#       Each day/time-range can be prefixed with a '!' to indicate "anything
#       but"
#
#       The time-range part is two 24-hour times HHMM separated by a hyphen
#       indicating the start and finish time (if the finish time is smaller
#       than the start time it is deemed to apply on the following day).
#
# groups
#	The (comma or space separated) list of groups that the user
#	inherits membership of. These groups are added if the previous
#	fields are satisfied by the user's request
#
# For a rule to be active, ALL of service+ttys+users must be satisfied
# by the applying process.
#

#
# Note, to get this to work as it is currently typed you need
#
# 1. to run an application as root
# 2. add the following groups to the /etc/group file:
#		floppy, play, sound
#

#
# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
# the user 'us' is given access to the floppy (through membership of
# the floppy group)
#

#xsh;tty*&!ttyp*;us;Al0000-2400;floppy

#
# another example: running 'xsh' on tty* (any ttyXXX device),
# the user 'sword' is given access to games (through membership of
# the sound and play group) after work hours.
#

#xsh; tty* ;sword;!Wk0900-1800;sound, play
#xsh; tty* ;*;Al0900-1800;floppy

#
# yet another example: any member of the group 'admin' running
# 'xsh' on tty*, is granted access (at any time) to the group 'plugdev'
#

#xsh; tty* ;%admin;Al0000-2400;plugdev

#
# End of group.conf file
#
Ln 1, Col 1
ONLINE
security
18 items
20:04:52