wok annotate enlightenment-pam/stuff/etc/enlightenment/sysactions.conf @ rev 24905
updated metasploit (5.0.91 -> 6.1.36)
author | Hans-G?nter Theisgen |
---|---|
date | Sat Apr 09 13:21:57 2022 +0100 (2022-04-09) |
parents | |
children |
rev | line source |
---|---|
domcox@14331 | 1 # ENLIGHTENMENT SYSTEM ACTIONS CONFIGURATION |
domcox@14331 | 2 # |
domcox@14331 | 3 # This is a system configuration for allowing or denying certain users or |
domcox@14331 | 4 # groups to be able to do certain actions that involve system restricted |
domcox@14331 | 5 # actions such as halt, reboot, suspend, hibernate etc. |
domcox@14331 | 6 # |
domcox@14331 | 7 # This file is read in order from top to bottom - the first rule to MATCH |
domcox@14331 | 8 # will be used for a user or a group, and nothing after that is read. |
domcox@14331 | 9 # |
domcox@14331 | 10 # You must put all the ACTION definitons BEFORE user and group rule matches. |
domcox@14331 | 11 # Any action definitons after a rule match has been found will be ignored. |
domcox@14331 | 12 # This allows actions to be re-defined for different user groups, so matches |
domcox@14331 | 13 # so the command for an action can change for matches to the rules later on. |
domcox@14331 | 14 # |
domcox@14331 | 15 # Any user or group NOT matched by an allow or a deny will be ALLOWED to |
domcox@14331 | 16 # perform the action by default (system administrators should be aware of |
domcox@14331 | 17 # this and implement whatever policies they see fit). Generally speaking |
domcox@14331 | 18 # a user of a workstation, desktop or laptop is intended to have such abilities |
domcox@14331 | 19 # to perform these actions, thus the default of allow. For multi-user systems |
domcox@14331 | 20 # the system administrator is considerd capable enough to restrict what they |
domcox@14331 | 21 # see they need to. |
domcox@14331 | 22 # |
domcox@14331 | 23 # A WARNING to admins: do NOT allow access for users to this system remotely |
domcox@14331 | 24 # UNLESS you fully trust them or you have locked down permissions to halt/reboot |
domcox@14331 | 25 # suspend etc. here first. You have been warned. |
domcox@14331 | 26 # |
domcox@14331 | 27 # FORMAT: |
domcox@14331 | 28 # |
domcox@14331 | 29 # action: halt /sbin/shutdown -h now |
domcox@14331 | 30 # action: reboot /sbin/shutdown -r now |
domcox@14331 | 31 # action: suspend /etc/acpi/sleep.sh force |
domcox@14331 | 32 # action: hibernate /etc/acpi/hibernate.sh force |
domcox@14331 | 33 # |
domcox@14331 | 34 # user: username allow: halt reboot suspend hibernate |
domcox@14331 | 35 # group: groupname deny: * |
domcox@14331 | 36 # group: * deny: * |
domcox@14331 | 37 # user: * allow: suspend |
domcox@14331 | 38 # user: billy allow: halt reboot |
domcox@14331 | 39 # group: staff deny: halt suspend hibernate |
domcox@14331 | 40 # |
domcox@14331 | 41 # etc. |
domcox@14331 | 42 # |
domcox@14331 | 43 # user and group name can use glob matches (* == all for example) like the |
domcox@14331 | 44 # shell. as can action names allowed or denied. |
domcox@14331 | 45 |
domcox@14331 | 46 action: halt poweroff |
domcox@14331 | 47 action: reboot reboot |
domcox@14331 | 48 action: suspend /usr/sbin/pm-suspend |
domcox@14331 | 49 action: hibernate /usr/sbin/pm-hibernate |
domcox@14331 | 50 |
domcox@14331 | 51 # root is allowed to do anything - but it needs to be here explicitly anyway |
domcox@14331 | 52 user: root allow: * |
domcox@14331 | 53 # members of operator, staff and admin groups should be able to do all |
domcox@14331 | 54 group: operator allow: * |
domcox@14331 | 55 group: staff allow: * |
domcox@14331 | 56 group: admin allow: * |
domcox@14331 | 57 group: sys allow: * |
domcox@14331 | 58 # common "user" groups for "console users" on desktops/laptops |
domcox@14331 | 59 group: dialout allow: * |
domcox@14331 | 60 group: disk allow: * |
domcox@14331 | 61 group: adm allow: * |
domcox@14331 | 62 group: cdrom allow: * |
domcox@14331 | 63 group: floppy allow: * |
domcox@14331 | 64 group: audio allow: * |
domcox@14331 | 65 group: dip allow: * |
domcox@14331 | 66 group: plugdev allow: * |
domcox@14331 | 67 # put in a list of other users and groups here that are allowed or denied etc. |
domcox@14331 | 68 # e.g. |
domcox@14331 | 69 # user: myuser allow: * |
domcox@14331 | 70 # user: another allow: suspend hibernate |
domcox@14331 | 71 # deny everyone else by default |
domcox@14331 | 72 user: * deny: * |
domcox@14331 | 73 user: tux allow: * |