| 3 |
- |
1 |
# this is an example configuration file for the pam_time module. Its syntax
|
|
|
2 |
# was initially based heavily on that of the shadow package (shadow-960129).
|
|
|
3 |
#
|
|
|
4 |
# the syntax of the lines is as follows:
|
|
|
5 |
#
|
|
|
6 |
# services;ttys;users;times
|
|
|
7 |
#
|
|
|
8 |
# white space is ignored and lines maybe extended with '\\n' (escaped
|
|
|
9 |
# newlines). As should be clear from reading these comments,
|
|
|
10 |
# text following a '#' is ignored to the end of the line.
|
|
|
11 |
#
|
|
|
12 |
# the combination of individual users/terminals etc is a logic list
|
|
|
13 |
# namely individual tokens that are optionally prefixed with '!' (logical
|
|
|
14 |
# not) and separated with '&' (logical and) and '|' (logical or).
|
|
|
15 |
#
|
|
|
16 |
# services
|
|
|
17 |
# is a logic list of PAM service names that the rule applies to.
|
|
|
18 |
#
|
|
|
19 |
# ttys
|
|
|
20 |
# is a logic list of terminal names that this rule applies to.
|
|
|
21 |
#
|
|
|
22 |
# users
|
|
|
23 |
# is a logic list of users or a netgroup of users to whom this
|
|
|
24 |
# rule applies.
|
|
|
25 |
#
|
|
|
26 |
# NB. For these items the simple wildcard '*' may be used only once.
|
|
|
27 |
#
|
|
|
28 |
# times
|
|
|
29 |
# the format here is a logic list of day/time-range
|
|
|
30 |
# entries the days are specified by a sequence of two character
|
|
|
31 |
# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
|
|
|
32 |
# that repeated days are unset MoMo = no day, and MoWk = all weekdays
|
|
|
33 |
# bar Monday. The two character combinations accepted are
|
|
|
34 |
#
|
|
|
35 |
# Mo Tu We Th Fr Sa Su Wk Wd Al
|
|
|
36 |
#
|
|
|
37 |
# the last two being week-end days and all 7 days of the week
|
|
|
38 |
# respectively. As a final example, AlFr means all days except Friday.
|
|
|
39 |
#
|
|
|
40 |
# each day/time-range can be prefixed with a '!' to indicate "anything
|
|
|
41 |
# but"
|
|
|
42 |
#
|
|
|
43 |
# The time-range part is two 24-hour times HHMM separated by a hyphen
|
|
|
44 |
# indicating the start and finish time (if the finish time is smaller
|
|
|
45 |
# than the start time it is deemed to apply on the following day).
|
|
|
46 |
#
|
|
|
47 |
# for a rule to be active, ALL of service+ttys+users must be satisfied
|
|
|
48 |
# by the applying process.
|
|
|
49 |
#
|
|
|
50 |
|
|
|
51 |
#
|
|
|
52 |
# Here is a simple example: running blank on tty* (any ttyXXX device),
|
|
|
53 |
# the users 'you' and 'me' are denied service all of the time
|
|
|
54 |
#
|
|
|
55 |
|
|
|
56 |
#blank;tty* & !ttyp*;you|me;!Al0000-2400
|
|
|
57 |
|
|
|
58 |
# Another silly example, user 'root' is denied xsh access
|
|
|
59 |
# from pseudo terminals at the weekend and on mondays.
|
|
|
60 |
|
|
|
61 |
#xsh;ttyp*;root;!WdMo0000-2400
|
|
|
62 |
|
|
|
63 |
#
|
|
|
64 |
# End of example file.
|
|
|
65 |
#
|