| author | Manuel Traut <manut@mecka.net> | 2013-03-10 12:13:49 +0100 |
|---|---|---|
| committer | Manuel Traut <manut@mecka.net> | 2013-03-10 12:13:49 +0100 |
| commit | 9c0f862749f30800837a45aff5abdcb529867dbc (patch) | |
| tree | b0ca51fff64f12fac03aea4afaa1fa722376844b /beagle/debian-rfs/etc/security/access.conf | |
| parent | 33b79c725448efd2c9a72e2ae9a1fb04270492f5 (diff) | |
| parent | cea5039322781f6085dd47954af5584ca3f78911 (diff) | |
Merge branch 'schulung'
updates from current linutronix schulung.git
Conflicts:
Makefile
configpres.tex
flash-memory/ubi/handout_ubi_de.tex
handout.tex
index.txt
pres_master.tex
vorl.tex
vorl1.tex
vorl2.tex
vorl3.tex
vorl4.tex
vorl5.tex
Signed-off-by: Manuel Traut <manut@mecka.net>
Diffstat (limited to 'beagle/debian-rfs/etc/security/access.conf')
| -rw-r--r-- | beagle/debian-rfs/etc/security/access.conf | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/beagle/debian-rfs/etc/security/access.conf b/beagle/debian-rfs/etc/security/access.conf
deleted file mode 100644
index 74c5fbe..0000000
--- a/beagle/debian-rfs/etc/security/access.conf
+++ /dev/null
@@ -1,122 +0,0 @@
-# Login access control table.
-#
-# Comment line must start with "#", no space at front.
-# Order of lines is important.
-#
-# When someone logs in, the table is scanned for the first entry that
-# matches the (user, host) combination, or, in case of non-networked
-# logins, the first entry that matches the (user, tty) combination. The
-# permissions field of that table entry determines whether the login will
-# be accepted or refused.
-#
-# Format of the login access control table is three fields separated by a
-# ":" character:
-#
-# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
-# module, you can change the field separation character to be
-# '|'. This is useful for configurations where you are trying to use
-# pam_access with X applications that provide PAM_TTY values that are
-# the display variable like "host:0".]
-#
-# permission : users : origins
-#
-# The first field should be a "+" (access granted) or "-" (access denied)
-# character.
-#
-# The second field should be a list of one or more login names, group
-# names, or ALL (always matches). A pattern of the form user@host is
-# matched when the login name matches the "user" part, and when the
-# "host" part matches the local machine name.
-#
-# The third field should be a list of one or more tty names (for
-# non-networked logins), host names, domain names (begin with "."), host
-# addresses, internet network numbers (end with "."), ALL (always
-# matches), NONE (matches no tty on non-networked logins) or
-# LOCAL (matches any string that does not contain a "." character).
-#
-# You can use @netgroupname in host or user patterns; this even works
-# for @usergroup@@hostgroup patterns.
-#
-# The EXCEPT operator makes it possible to write very compact rules.
-#
-# The group file is searched only when a name does not match that of the
-# logged-in user. Both the user's primary group is matched, as well as
-# groups in which users are explicitly listed.
-# To avoid problems with accounts, which have the same name as a group,
-# you can use brackets around group names '(group)' to differentiate.
-# In this case, you should also set the "nodefgroup" option.
-#
-# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
-# "/dev" (e.g. tty1 or vc/1)
-#
-##############################################################################
-#
-# Disallow non-root logins on tty1
-#
-#-:ALL EXCEPT root:tty1
-#
-# Disallow console logins to all but a few accounts.
-#
-#-:ALL EXCEPT wheel shutdown sync:LOCAL
-#
-# Same, but make sure that really the group wheel and not the user
-# wheel is used (use nodefgroup argument, too):
-#
-#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
-#
-# Disallow non-local logins to privileged accounts (group wheel).
-#
-#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
-#
-# Some accounts are not allowed to login from anywhere:
-#
-#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
-#
-# All other accounts are allowed to login from anywhere.
-#
-##############################################################################
-# All lines from here up to the end are building a more complex example.
-##############################################################################
-#
-# User "root" should be allowed to get access via cron .. tty5 tty6.
-#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
-#
-# User "root" should be allowed to get access from hosts with ip addresses.
-#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9
-#+ : root : 127.0.0.1
-#
-# User "root" should get access from network 192.168.201.
-# This term will be evaluated by string matching.
-# comment: It might be better to use network/netmask instead.
-# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
-#+ : root : 192.168.201.
-#
-# User "root" should be able to have access from domain.
-# Uses string matching also.
-#+ : root : .foo.bar.org
-#
-# User "root" should be denied to get access from all other sources.
-#- : root : ALL
-#
-# User "foo" and members of netgroup "nis_group" should be
-# allowed to get access from all sources.
-# This will only work if netgroup service is available.
-#+ : @nis_group foo : ALL
-#
-# User "john" should get access from ipv4 net/mask
-#+ : john : 127.0.0.0/24
-#
-# User "john" should get access from ipv4 as ipv6 net/mask
-#+ : john : ::ffff:127.0.0.0/127
-#
-# User "john" should get access from ipv6 host address
-#+ : john : 2001:4ca0:0:101::1
-#
-# User "john" should get access from ipv6 host address (same as above)
-#+ : john : 2001:4ca0:0:101:0:0:0:1
-#
-# User "john" should get access from ipv6 net/mask
-#+ : john : 2001:4ca0:0:101::/64
-#
-# All other users should be denied to get access from all sources.
-#- : ALL : ALL |
