|
Packit Service |
b29381 |
.\" Copyright 1999,2005 Red Hat Software, Inc.
|
|
Packit Service |
b29381 |
.\" Written by Michael K. Johnson <johnsonm@redhat.com>
|
|
Packit Service |
b29381 |
.TH console.perms 5 2005/5/2 "Red Hat Software" "System Administrator's Manual"
|
|
Packit Service |
b29381 |
.SH NAME
|
|
Packit Service |
b29381 |
console.perms \- permissions control file for users at the system console
|
|
Packit Service |
b29381 |
.SH DESCRIPTION
|
|
Packit Service |
b29381 |
/etc/security/console.perms and .perms files in the
|
|
Packit Service |
b29381 |
/etc/security/console.perms.d directory determine the permissions that will be
|
|
Packit Service |
b29381 |
given to priviledged users of the console at login time, and the
|
|
Packit Service |
b29381 |
permissions to which to revert when the users log out. They are
|
|
Packit Service |
b29381 |
read by the pam_console_apply helper executable.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The format is:
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
\f(CR<\fBclass\fR\f(CR>=\fBspace-separated list of words\fR
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
\fBlogin-regexp\fR\fI|\fR\f(CR<\fBlogin-class\fR\f(CR> \fBperm dev-glob\fR\fI|\fR\f(CR<\fBdev-class\fR\f(CR> \e
|
|
Packit Service |
b29381 |
.br
|
|
Packit Service |
b29381 |
\f(CR \fBrevert-mode revert-owner\fR\fI[\fR\fP.revert-group\fI]\fR
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The \fBrevert-mode\fP, \fBrevert-owner\fP, and revert-group fields are optional,
|
|
Packit Service |
b29381 |
and default to \fB0600\fP, \fBroot\fP, and \fBroot\fP, respectively.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The words in a class definition are evaluated as globs if they
|
|
Packit Service |
b29381 |
refer to files, but as regular expressions if they apply to a
|
|
Packit Service |
b29381 |
console definition. Do not mix them.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Any line can be broken and continued on the next line by using a
|
|
Packit Service |
b29381 |
\e character as the last character on the line.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The \fBlogin-class\fP class and the \fBlogin-regexp\fP word are evaluated as
|
|
Packit Service |
b29381 |
regular expressions.
|
|
Packit Service |
b29381 |
The \fBdev-class\fP and the \fBdev-glob\fP word are evaluated as
|
|
Packit Service |
b29381 |
shell-style globs. If a name given corresponds to a directory, and
|
|
Packit Service |
b29381 |
if it is a mount point listed in \fI/etc/fstab\fP, the device node
|
|
Packit Service |
b29381 |
associated with the filesystem mounted at that point will be
|
|
Packit Service |
b29381 |
substituted in its place.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Classes are denoted by being contained in \f(CR<\fR angle bracket \f(CR>\fR
|
|
Packit Service |
b29381 |
characters; a lack of \f(CR<\fR angle brackets \f(CR>\fR indicates that
|
|
Packit Service |
b29381 |
the string is to be taken literally as a \fBlogin-regexp\fP or a
|
|
Packit Service |
b29381 |
\fBdev-glob\fP, depending on its input position.
|
|
Packit Service |
b29381 |
.SH "SEE ALSO"
|
|
Packit Service |
b29381 |
.BR pam_console (8)
|
|
Packit Service |
b29381 |
.br
|
|
Packit Service |
b29381 |
.BR pam_console_apply (8)
|
|
Packit Service |
b29381 |
.br
|
|
Packit Service |
b29381 |
.BR console.apps (5)
|
|
Packit Service |
b29381 |
.SH AUTHOR
|
|
Packit Service |
b29381 |
Michael K. Johnson <johnsonm@redhat.com>
|