�PNG  IHDR��;���IDATx��ܻn�0���K�� �)(�pA��� ���7�LeG{�� �§㻢|��ذaÆ 6lذaÆ 6lذaÆ 6lom��$^�y���ذag�5bÆ 6lذaÆ 6lذa{���� 6lذaÆ �`����}H�Fkm�,�m����Ӫ���ô�ô!� �x�|'ܢ˟;�E:���9�&ᶒ�}�{�v]�n&�6� �h��_��t�ڠ͵-ҫ���Z;��Z$�.�P���k�ž)�!��o���>}l�eQfJ�T��u і���چ��\��X=8��Rن4`Vw�l�>����n�G�^��i�s��"ms�$�u��i��?w�bs[m�6�K4���O���.�4��%����/����b�C%��t ��M�ז� �-l�G6�mrz2���s�%�9��s@���-�k�9�=���)������k�B5����\��+͂�Zsٲ ��Rn��~G���R���C����� �wIcI��n7jJ���hۛNCS|���j0��8y�iHKֶۛ�k�Ɉ+;Sz������L/��F�*\��Ԕ�#"5��m�2��[S��������=�g��n�a�P�e�ғ�L�� lذaÆ 6l�^k��̱aÆ 6lذaÆ 6lذa;���� �_��ذaÆ 6lذaÆ 6lذaÆ ���R���IEND�B` # # This is the configuration file for the pam_group module. # # # *** Please note that giving group membership on a session basis is # *** NOT inherently secure. If a user can create an executable that # *** is setgid a group that they are infrequently given membership # *** of, they can basically obtain group membership any time they # *** like. Example: games are allowed between the hours of 6pm and 6am # *** user joe logs in at 7pm writes a small C-program toplay.c that # *** invokes their favorite shell, compiles it and does # *** "chgrp play toplay; chmod g+s toplay". They are basically able # *** to play games any time... You have been warned. AGM # # # The syntax of the lines is as follows: # # services;ttys;users;times;groups # # white space is ignored and lines maybe extended with '\\n' (escaped # newlines). From reading these comments, it is clear that # text following a '#' is ignored to the end of the line. # # the combination of individual users/terminals etc is a logic list # namely individual tokens that are optionally prefixed with '!' (logical # not) and separated with '&' (logical and) and '|' (logical or). # # services # is a logic list of PAM service names that the rule applies to. # # ttys # is a logic list of terminal names that this rule applies to. # # users # is a logic list of users or a netgroup of users to whom this # rule applies. # # NB. For these items the simple wildcard '*' may be used only once. # With netgroups no wildcards or logic operators are allowed. # # times # It is used to indicate "when" these groups are to be given to the # user. The format here is a logic list of day/time-range # entries the days are specified by a sequence of two character # entries, MoTuSa for example is Monday Tuesday and Saturday. Note # that repeated days are unset MoMo = no day, and MoWk = all weekdays # bar Monday. The two character combinations accepted are # # Mo Tu We Th Fr Sa Su Wk Wd Al # # the last two being week-end days and all 7 days of the week # respectively. As a final example, AlFr means all days except Friday. # # Each day/time-range can be prefixed with a '!' to indicate "anything # but" # # The time-range part is two 24-hour times HHMM separated by a hyphen # indicating the start and finish time (if the finish time is smaller # than the start time it is deemed to apply on the following day). # # groups # The (comma or space separated) list of groups that the user # inherits membership of. These groups are added if the previous # fields are satisfied by the user's request # # For a rule to be active, ALL of service+ttys+users must be satisfied # by the applying process. # # # Note, to get this to work as it is currently typed you need # # 1. to run an application as root # 2. add the following groups to the /etc/group file: # floppy, play, sound # # # Here is a simple example: running 'xsh' on tty* (any ttyXXX device), # the user 'us' is given access to the floppy (through membership of # the floppy group) # #xsh;tty*&!ttyp*;us;Al0000-2400;floppy # # another example: running 'xsh' on tty* (any ttyXXX device), # the user 'sword' is given access to games (through membership of # the sound and play group) after work hours. # #xsh; tty* ;sword;!Wk0900-1800;sound, play #xsh; tty* ;*;Al0900-1800;floppy # # yet another example: any member of the group 'admin' running # 'xsh' on tty*, is granted access (at any time) to the group 'plugdev' # #xsh; tty* ;%admin;Al0000-2400;plugdev # # End of group.conf file #