44 lines
1.7 KiB
Plaintext
44 lines
1.7 KiB
Plaintext
##############################################################################
|
|
# Pegasus WBEM HTTP/HTTPS Network Service User Access Control Table:
|
|
#
|
|
# This file controls access to the Pegasus WBEM Network services by users
|
|
# with the PAM pam_access module .
|
|
#
|
|
# The format of the access control table is three fields separated by a
|
|
# ":" character:
|
|
#
|
|
# permission : users : origins
|
|
#
|
|
# The first field should be a "+" (access granted) or "-" (access denied)
|
|
# character.
|
|
#
|
|
# The second field should be a list of one or more login names, group
|
|
# names, or ALL (always matches). A pattern of the form user@host is
|
|
# matched when the login name matches the "user" part, and when the
|
|
# "host" part matches the local machine name.
|
|
#
|
|
# If you run NIS you can use @netgroupname in host or user patterns; this
|
|
# even works for @usergroup@@hostgroup patterns. Weird.
|
|
#
|
|
# The EXCEPT operator makes it possible to write very compact rules.
|
|
#
|
|
# The group file is searched only when a name does not match that of the
|
|
# logged-in user. Both the user's primary group is matched, as well as
|
|
# groups in which users are explicitly listed.
|
|
#
|
|
# The third field must be 'wbemNetwork', to control access by users from
|
|
# remote hosts, or 'wbemLocal', to control access by users from the local host.
|
|
##############################################################################
|
|
#
|
|
# Pegasus PAM Access Rules:
|
|
# 1. The Remote host user access rule:
|
|
# By default, ONLY the pegasus user can use remote network HTTP/S service:
|
|
#
|
|
-: ALL EXCEPT pegasus:wbemNetwork
|
|
#
|
|
#
|
|
# 2. The Local host user access rule:
|
|
# By default, ONLY the pegasus and root users can use pegasus local HTTP/S service:
|
|
#
|
|
-: ALL EXCEPT pegasus root:wbemLocal
|