Blame modules/pam_console/pam_console_apply.8

.\" Copyright 2001 Red Hat, Inc.
.TH pam_console_apply 8 2005/5/2 "Red Hat" "System Administrator's Manual"
.SH NAME
pam_console_apply \- set or revoke permissions for users at the system console
.SH SYNOPSIS
.B pam_console_apply 
[-f <fstab file>] [-c <console.perms file>] [-r] [-t <tty>] [-s] [-d] [<device file> ...]
.SH DESCRIPTION
\fBpam_console_apply\fP is a helper executable which sets or resets permissions
on device nodes.
.br
If \fI/var/run/console.lock\fP exists, \fBpam_console_apply\fP will grant
permissions to the user listed therein.  If the lock file does not exist,
permissions are reset according to defaults set in \fIconsole.perms\fP files,
normally configured to set permissions on devices so that \fBroot\fP
owns them.
.PP
When initializing its configuration, it first parses
the \fI/etc/security/console.perms\fP file and then searches for files
ending with the \fI.perms\fP suffix in the \fI/etc/security/console.perms.d\fP
directory. These files are parsed in lexical order in the "C" locale.
Permission rules are appended to a global list; console and device class
definitions override previous definitions of the same class.
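.PP
The load order and override behaviour described above can be audited with a short script. This is an added example, not part of pam_console; it assumes the console.perms(5) syntax in which a line of the form <class>=patterns defines a class, any other non-empty line is a permission rule, and # starts a comment. The function names and the sample files are constructed for illustration.

```python
import os, re, tempfile

# Assumed console.perms(5) syntax: "<class>=patterns" defines a class; other lines are rules.
CLASS_DEF = re.compile(r"^(<[^>\s]+>)\s*=\s*(.*)$")

def load_order(main_file, dropin_dir):
    """Main file first, then *.perms drop-ins in "C" locale (byte) order."""
    names = [n for n in os.listdir(dropin_dir) if n.endswith(".perms")]
    names.sort(key=os.fsencode)  # byte order, independent of the caller's LANG
    return [main_file] + [os.path.join(dropin_dir, n) for n in names]

def resolve(files):
    """Return (classes, rules); a later class definition replaces an earlier one."""
    classes, rules = {}, []
    for path in files:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for raw in fh:
                line = raw.split("#", 1)[0].strip()  # assumed '#' comments
                if not line:
                    continue
                m = CLASS_DEF.match(line)
                if m:
                    name, value = m.groups()
                    old = classes.get(name)
                    shadowed = old["shadowed"] + [old["file"]] if old else []
                    classes[name] = {"file": path, "value": value, "shadowed": shadowed}
                else:
                    rules.append((path, line))  # rules accumulate, never replaced
    return classes, rules

def demo():
    """Build a constructed config tree in a temp dir and resolve it."""
    sample = {  # constructed sample content, not a distribution's real files
        "console.perms": "<console>=tty[0-9][0-9]*\n",
        "console.perms.d/50-default.perms": "<floppy>=/dev/fd[0-1]*\n<console> 0660 <floppy> 0660 root.floppy\n",
        "console.perms.d/a10.perms": "<floppy>=/dev/fd0\n",
        "console.perms.d/Local.perms": "<floppy>=/dev/fd1  # site override\n",
        "console.perms.d/notes.txt": "<floppy>=/dev/null\n",  # ignored: wrong suffix
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "console.perms.d"))
        for relname, text in sample.items():
            with open(os.path.join(root, relname), "w") as fh:
                fh.write(text)
        files = load_order(os.path.join(root, "console.perms"), os.path.join(root, "console.perms.d"))
        classes, rules = resolve(files)
        short = lambda p: os.path.relpath(p, root)
        return [short(f) for f in files], {k: short(v["file"]) for k, v in classes.items()}, len(rules)

if __name__ == "__main__": print(demo())
```

In the constructed tree, Local.perms is read before a10.perms because uppercase letters sort ahead of lowercase in byte order, so the definition of <floppy> in a10.perms is the one that takes effect.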
.SH ARGUMENTS
.IP -c
Load a console.perms file other than the default one.
.IP -f
Load an fstab file other than the default one (\fI/etc/fstab\fP).
.IP -r
Signals \fBpam_console_apply\fP to reset permissions.  The default is to set
permissions so that the user listed in \fI/var/run/console.lock\fP has access
to the devices, and to reset permissions if no such file exists.
.IP -t
Use <tty> to match the console class in the console.perms file. The default is tty0.
.IP -s
Write error messages to the system log instead of stderr.
.IP -d
Log/display messages useful for debugging.
.PP
The optional <device file> arguments constrain which files are affected
by \fBpam_console_apply\fP. If they aren't specified, permissions are
changed on all files specified in the \fIconsole.perms\fP file.
.SH FILES
\fI/var/run/console.lock\fP
.br
\fI/etc/security/console.perms\fP
.br
\fI/etc/security/console.perms.d/50-default.perms\fP
.SH "SEE ALSO"
.BR pam_console(8)
.br
.BR console.perms(5)
.br
.SH BUGS
Let's hope not, but if you find any, please report them via the "Bug Track"
link at http://bugzilla.redhat.com/bugzilla/
.SH AUTHORS
Nalin Dahyabhai <nalin@redhat.com>, using code shamelessly stolen from parts of
pam_console.
.br
Support of console.perms.d and other improvements by
Tomas Mraz <tmraz@redhat.com>.