PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` # # This is the configuration file for the pam_group module. # # # *** Please note that giving group membership on a session basis is # *** NOT inherently secure. If a user can create an executable that # *** is setgid a group that they are infrequently given membership # *** of, they can basically obtain group membership any time they # *** like. Example: games are allowed between the hours of 6pm and 6am # *** user joe logs in at 7pm writes a small C-program toplay.c that # *** invokes their favorite shell, compiles it and does # *** "chgrp play toplay; chmod g+s toplay". They are basically able # *** to play games any time... You have been warned. AGM # # # The syntax of the lines is as follows: # # services;ttys;users;times;groups # # white space is ignored and lines maybe extended with '\\n' (escaped # newlines). From reading these comments, it is clear that # text following a '#' is ignored to the end of the line. # # the combination of individual users/terminals etc is a logic list # namely individual tokens that are optionally prefixed with '!' (logical # not) and separated with '&' (logical and) and '|' (logical or). # # services # is a logic list of PAM service names that the rule applies to. # # ttys # is a logic list of terminal names that this rule applies to. # # users # is a logic list of users or a netgroup of users to whom this # rule applies. # # NB. For these items the simple wildcard '*' may be used only once. # With netgroups no wildcards or logic operators are allowed. # # times # It is used to indicate "when" these groups are to be given to the # user. The format here is a logic list of day/time-range # entries the days are specified by a sequence of two character # entries, MoTuSa for example is Monday Tuesday and Saturday. Note # that repeated days are unset MoMo = no day, and MoWk = all weekdays # bar Monday. The two character combinations accepted are # # Mo Tu We Th Fr Sa Su Wk Wd Al # # the last two being week-end days and all 7 days of the week # respectively. As a final example, AlFr means all days except Friday. # # Each day/time-range can be prefixed with a '!' to indicate "anything # but" # # The time-range part is two 24-hour times HHMM separated by a hyphen # indicating the start and finish time (if the finish time is smaller # than the start time it is deemed to apply on the following day). # # groups # The (comma or space separated) list of groups that the user # inherits membership of. These groups are added if the previous # fields are satisfied by the user's request # # For a rule to be active, ALL of service+ttys+users must be satisfied # by the applying process. # # # Note, to get this to work as it is currently typed you need # # 1. to run an application as root # 2. add the following groups to the /etc/group file: # floppy, play, sound # # # Here is a simple example: running 'xsh' on tty* (any ttyXXX device), # the user 'us' is given access to the floppy (through membership of # the floppy group) # #xsh;tty*&!ttyp*;us;Al0000-2400;floppy # # another example: running 'xsh' on tty* (any ttyXXX device), # the user 'sword' is given access to games (through membership of # the sound and play group) after work hours. # #xsh; tty* ;sword;!Wk0900-1800;sound, play #xsh; tty* ;*;Al0900-1800;floppy # # yet another example: any member of the group 'admin' running # 'xsh' on tty*, is granted access (at any time) to the group 'plugdev' # #xsh; tty* ;%admin;Al0000-2400;plugdev # # End of group.conf file #