|
Packit |
7e982e |
.\" Copyright 2001 Red Hat, Inc.
|
|
Packit |
7e982e |
.TH pam_console_apply 8 2005/5/2 "Red Hat" "System Administrator's Manual"
|
|
Packit |
7e982e |
.SH NAME
|
|
Packit |
7e982e |
pam_console_apply \- set or revoke permissions for users at the system console
|
|
Packit |
7e982e |
.SH SYNOPSIS
|
|
Packit |
7e982e |
.B pam_console_apply
|
|
Packit |
7e982e |
[-f <fstab file>] [-c <console.perms file>] [-r] [-t <tty>] [-s] [-d] [<device file> ...]
|
|
Packit |
7e982e |
.SH DESCRIPTION
|
|
Packit |
7e982e |
\fBpam_console_apply\fP is a helper executable which sets or resets permissions
|
|
Packit |
7e982e |
on device nodes.
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
If \fI/var/run/console.lock\fP exists, \fBpam_console_apply\fP will grant
|
|
Packit |
7e982e |
permissions to the user listed therein. If the lock file does not exist,
|
|
Packit |
7e982e |
permissions are reset according to defaults set in \fIconsole.perms\fP files,
|
|
Packit |
7e982e |
normally configured to set permissions on devices so that \fBroot\fP
|
|
Packit |
7e982e |
owns them.
|
|
Packit |
7e982e |
|
|
Packit |
7e982e |
When initializing its configuration it first parses
|
|
Packit |
7e982e |
the \fI/etc/security/console.perms\fP file and then it searches for files
|
|
Packit |
7e982e |
ending with the \fI.perms\fP suffix in the \fI/etc/security/console.perms.d\fP
|
|
Packit |
7e982e |
directory. These files are parsed in the lexical order in "C" locale.
|
|
Packit |
7e982e |
Permission rules are appended to a global list, console and device class
|
|
Packit |
7e982e |
definitions override previous definitions of the same class.
|
|
Packit |
7e982e |
.SH ARGUMENTS
|
|
Packit |
7e982e |
.IP -c
|
|
Packit |
7e982e |
Load other console.perms file than the default one.
|
|
Packit |
7e982e |
.IP -f
|
|
Packit |
7e982e |
Load other fstab file than the default one (\fI/etc/fstab\fP).
|
|
Packit |
7e982e |
.IP -r
|
|
Packit |
7e982e |
Signals \fBpam_console_apply\fP to reset permissions. The default is to set
|
|
Packit |
7e982e |
permissions so that the user listed in \fI/var/run/console.lock\fP has access
|
|
Packit |
7e982e |
to the devices, and to reset permissions if no such file exists.
|
|
Packit |
7e982e |
.IP -t
|
|
Packit |
7e982e |
Use <tty> to match console class in console.perms file. The default is tty0.
|
|
Packit |
7e982e |
.IP -s
|
|
Packit |
7e982e |
Write error messages to the system log instead of stderr.
|
|
Packit |
7e982e |
.IP -d
|
|
Packit |
7e982e |
Log/display messages useful for debugging.
|
|
Packit |
7e982e |
.PP
|
|
Packit |
7e982e |
The optional <device file> arguments constrain what files should be affected
|
|
Packit |
7e982e |
by \fBpam_console_apply\fP. If they aren't specified permissions are
|
|
Packit |
7e982e |
changed on all files specified in the \fIconsole.perms\fP file.
|
|
Packit |
7e982e |
.SH FILES
|
|
Packit |
7e982e |
\fI/var/run/console.lock\fP
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
\fI/etc/security/console.perms\fP
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
\fI/etc/security/console.perms.d/50-default.perms\fP
|
|
Packit |
7e982e |
.SH "SEE ALSO"
|
|
Packit |
7e982e |
.BR pam_console(8)
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
.BR console.perms(5)
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
.SH BUGS
|
|
Packit |
7e982e |
Let's hope not, but if you find any, please report them via the "Bug Track"
|
|
Packit |
7e982e |
link at http://bugzilla.redhat.com/bugzilla/
|
|
Packit |
7e982e |
.SH AUTHORS
|
|
Packit |
7e982e |
Nalin Dahyabhai <nalin@redhat.com>, using code shamelessly stolen from parts of
|
|
Packit |
7e982e |
pam_console.
|
|
Packit |
7e982e |
.br
|
|
Packit |
7e982e |
Support of console.perms.d and other improvements by
|
|
Packit |
7e982e |
Tomas Mraz <tmraz@redhat.com>.
|