resmgr.conf

Version: 08/02/2007 (openSuse - 09/10/07)

Section: 5 (File format)

NAME

resmgr.conf - main config file for resmgr

SYNOPSIS

/etc/resmgr.conf, /etc/resmgr.conf.d

DESCRIPTION

The file /etc/resmgr.conf defines the login classes for the resource manager resmgrd. The minimal configuration is to define a single resource class and manage everything else dynamically. You may, however, also define access control lists in this configuration file.

Additionally, all files with the suffix .conf in the directory /etc/resmgr.conf.d/ are read in alphabetical order. This mechanism is intended for packages that want to define additional resource classes or access control rules. The recommended name for files placed in that directory is NUMBER-PACKAGENAME.conf, where NUMBER is a number between zero and 99.

Everything from a hash mark to the end of the line is a comment, and is ignored.

The configuration file can contain the following commands:

class NAME

Defines a login class named NAME. Class names must be unique. Class names may only consist of upper or lower case ASCII characters, underscores, dashes, colons and periods.

class NAME includes CHILDREN...

Defines that granting access to class NAME also grants access to CHILDREN classes.

    class desktop
    class floppy
    class cdrom
    class desktop includes floppy
    class desktop includes cdrom

ongrant CLASS run COMMAND...

Defines that when a user is granted access to class CLASS, the command COMMAND is run. The environment variables RES_USER and RES_CLASS are set to the names of the user and the class involved, respectively.

    ongrant desktop run /bin/ls

onrevoke CLASS run COMMAND...

Works the same as ongrant, but is executed when access to a class is revoked.

allow CLASS ACL...

Grants all users matched by the ACL statement access to login class CLASS. For a user matched by this statement, any subsequent access control statements for this class are ignored.

deny CLASS ACL...

Denies all users matched by the ACL statement access to login class CLASS. For a user matched by this statement, any subsequent access control statements for this class are ignored.

ACL FORMAT

An ACL attached to a login class is made up of one or more match clauses of the format name=value, where name can be one of user, group, tty, rhost or service. value can be a literal value or a glob expression, such as meissner (a user name), /dev/tty[0-9]*, or :* (for matching all logins on a local X display).

These match clauses can be combined using the standard boolean operators &&, ||, and !. Note that !name=value is equivalent to name!=value.

Sub-expressions can be grouped by putting them in brackets.

Usually, an ACL will contain just a single user or group name, but you can specify several, forming an AND clause. When a name is preceded by an exclamation mark, the match result is negated.

For example, the following statements for the login class desktop will deny access to users uucp and news, but grant access to everyone in group wheel, and everyone else as long as they're logged in at the console or a local X11 session:

    deny  desktop user=uucp || user=news
    allow desktop group=wheel
    allow desktop tty=/dev/tty[0-9]* || tty=:0
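
Added example, not part of the resmgr documentation or the resmgrd source: a small Python model of the ACL evaluation described above (the first matching allow or deny statement decides), run against the three desktop rules from the example. It assumes that && binds tighter than ||, that "brackets" means parentheses, and that values behave like fnmatch globs; the function names, the session dictionary of lists, and the None result for "no statement matched" are hypothetical.

```python
import fnmatch
import re
# Constructed sample: the three "desktop" rules from the example above.
RULES = """\
deny  desktop user=uucp || user=news
allow desktop group=wheel
allow desktop tty=/dev/tty[0-9]* || tty=:0
"""
TOKEN = re.compile(r"\s*(\|\||&&|\(|\)|!(?!=)|[a-z]+!?=[^\s()&|]+)")

def _clause(tok, session):
    # name=value or name!=value; value is treated as an fnmatch-style glob.
    name, neg, pattern = re.fullmatch(r"([a-z]+)(!?)=(.+)", tok).groups()
    return any(fnmatch.fnmatchcase(v, pattern) for v in session.get(name, [])) != bool(neg)

def _evaluate(toks, session):
    # Recursive descent. Assumption: && binds tighter than ||.
    def primary():
        tok = toks.pop(0)
        if tok == "!":
            return not primary()
        if tok == "(":  # assumption: "brackets" means parentheses
            val = either()
            toks.pop(0)
            return val
        return _clause(tok, session)
    def both():
        val = primary()
        while toks and toks[0] not in ("||", ")"):
            if toks[0] == "&&":
                toks.pop(0)
            val = primary() and val  # adjacent clauses also form an AND
        return val
    def either():
        val = both()
        while toks and toks[0] == "||":
            toks.pop(0)
            val = both() or val
        return val
    return either()

def decide(config, cls, session):
    """Return 'allow' or 'deny' from the first matching statement, else None."""
    for line in config.splitlines():
        words = line.split("#", 1)[0].split(None, 2)
        if len(words) == 3 and words[0] in ("allow", "deny") and words[1] == cls:
            if _evaluate(TOKEN.findall(words[2]), session):
                return words[0]
    return None
```

Because the first match decides, swapping the deny line below the group=wheel line would let a uucp account that is in wheel through, so statement order is worth reviewing whenever a package drops a file into /etc/resmgr.conf.d/.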

SEE ALSO

resmgrd(8), resmgr(1)