tog-pegasus/access.conf
2023-05-10 10:31:12 +02:00

44 lines
1.7 KiB
Plaintext

##############################################################################
# Pegasus WBEM HTTP/HTTPS Network Service User Access Control Table:
#
# This file controls access to the Pegasus WBEM Network services by users
# with the PAM pam_access module .
#
# The format of the access control table is three fields separated by a
# ":" character:
#
# permission : users : origins
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. Both the user's primary group is matched, as well as
# groups in which users are explicitly listed.
#
# The third field must be 'wbemNetwork', to control access by users from
# remote hosts, or 'wbemLocal', to control access by users from the local host.
##############################################################################
#
# Pegasus PAM Access Rules:
# 1. The Remote host user access rule:
# By default, ONLY the pegasus user can use remote network HTTP/S service:
#
-: ALL EXCEPT pegasus:wbemNetwork
#
#
# 2. The Local host user access rule:
# By default, ONLY the pegasus and root users can use pegasus local HTTP/S service:
#
-: ALL EXCEPT pegasus root:wbemLocal