wok annotate enlightenment-pam/stuff/etc/enlightenment/sysactions.conf @ rev 24905

updated metasploit (5.0.91 -> 6.1.36)
author Hans-Günter Theisgen
date Sat Apr 09 13:21:57 2022 +0100 (2022-04-09)
rev   line source
domcox@14331 1 # ENLIGHTENMENT SYSTEM ACTIONS CONFIGURATION
domcox@14331 2 #
domcox@14331 3 # This is a system configuration for allowing or denying certain users or
domcox@14331 4 # groups to be able to do certain actions that involve system restricted
domcox@14331 5 # actions such as halt, reboot, suspend, hibernate etc.
domcox@14331 6 #
domcox@14331 7 # This file is read in order from top to bottom - the first rule to MATCH
domcox@14331 8 # will be used for a user or a group, and nothing after that is read.
domcox@14331 9 #
domcox@14331 10 # You must put all the ACTION definitions BEFORE user and group rule matches.
domcox@14331 11 # Any action definitions after a rule match has been found will be ignored.
domcox@14331 12 # This allows actions to be re-defined for different user groups, so that
domcox@14331 13 # the command for an action can change for matches to the rules later on.
domcox@14331 14 #
domcox@14331 15 # Any user or group NOT matched by an allow or a deny will be ALLOWED to
domcox@14331 16 # perform the action by default (system administrators should be aware of
domcox@14331 17 # this and implement whatever policies they see fit). Generally speaking
domcox@14331 18 # a user of a workstation, desktop or laptop is intended to have such abilities
domcox@14331 19 # to perform these actions, thus the default of allow. For multi-user systems
domcox@14331 20 # the system administrator is considered capable enough to restrict what they
domcox@14331 21 # see they need to.
domcox@14331 22 #
domcox@14331 23 # A WARNING to admins: do NOT allow access for users to this system remotely
domcox@14331 24 # UNLESS you fully trust them or you have locked down permissions to halt/reboot
domcox@14331 25 # suspend etc. here first. You have been warned.
domcox@14331 26 #
domcox@14331 27 # FORMAT:
domcox@14331 28 #
domcox@14331 29 # action: halt /sbin/shutdown -h now
domcox@14331 30 # action: reboot /sbin/shutdown -r now
domcox@14331 31 # action: suspend /etc/acpi/sleep.sh force
domcox@14331 32 # action: hibernate /etc/acpi/hibernate.sh force
domcox@14331 33 #
domcox@14331 34 # user: username allow: halt reboot suspend hibernate
domcox@14331 35 # group: groupname deny: *
domcox@14331 36 # group: * deny: *
domcox@14331 37 # user: * allow: suspend
domcox@14331 38 # user: billy allow: halt reboot
domcox@14331 39 # group: staff deny: halt suspend hibernate
domcox@14331 40 #
domcox@14331 41 # etc.
domcox@14331 42 #
domcox@14331 43 # user and group names can use glob matches (* == all for example) like the
domcox@14331 44 # shell, as can the action names allowed or denied.
domcox@14331 45 # Commands run for each action. NOTE(review): halt and reboot are bare command names while suspend/hibernate use absolute paths - confirm the program executing these uses a fixed, trusted PATH, or give full paths here too.
domcox@14331 46 action: halt poweroff
domcox@14331 47 action: reboot reboot
domcox@14331 48 action: suspend /usr/sbin/pm-suspend
domcox@14331 49 action: hibernate /usr/sbin/pm-hibernate
domcox@14331 50
domcox@14331 51 # root is allowed to do anything - but it needs to be here explicitly anyway
domcox@14331 52 user: root allow: *
domcox@14331 53 # members of the operator, staff, admin and sys groups should be able to do all actions
domcox@14331 54 group: operator allow: *
domcox@14331 55 group: staff allow: *
domcox@14331 56 group: admin allow: *
domcox@14331 57 group: sys allow: *
domcox@14331 58 # common "user" groups for "console users" on desktops/laptops. NOTE(review): membership in any one of these grants every action (halt/reboot included); on a shared or remotely reachable host confirm that is intended.
domcox@14331 59 group: dialout allow: *
domcox@14331 60 group: disk allow: *
domcox@14331 61 group: adm allow: *
domcox@14331 62 group: cdrom allow: *
domcox@14331 63 group: floppy allow: *
domcox@14331 64 group: audio allow: *
domcox@14331 65 group: dip allow: *
domcox@14331 66 group: plugdev allow: *
domcox@14331 67 # put in a list of other users and groups here that are allowed or denied etc.
domcox@14331 68 # e.g.
domcox@14331 69 # user: myuser allow: *
domcox@14331 70 # user: another allow: suspend hibernate
domcox@14331 71 # deny everyone else by default (unmatched users are otherwise ALLOWED, per the header). NOTE(review): rules are first-match, so the tux rule after this catch-all looks unreachable unless tux already matches a group rule above - confirm intent.
domcox@14331 72 user: * deny: *
domcox@14331 73 user: tux allow: *