denise.eckstein 1.1
##############################################################################
# Pegasus WBEM HTTP/HTTPS Network Service User Access Control Table:
#
# This file controls access to the Pegasus WBEM Network services by users
# with the PAM pam_access module.
#
# The format of the access control table is three fields separated by a
# ":" character:
#
# permission : users : origins
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# If you run NIS you can use @netgroupname in host or user patterns; this
# even works for @usergroup@@hostgroup patterns. Weird.
#
# The EXCEPT operator makes it possible to write very compact rules.
#
# The group file is searched only when a name does not match that of the
# logged-in user. The user's primary group is matched, as well as
# groups in which the user is explicitly listed.
#
# The third field must be 'wbemNetwork', to control access by users from
# remote hosts, or 'wbemLocal', to control access by users from the local host.
##############################################################################
#
# Pegasus PAM Access Rules:
# 1. The Remote host user access rule:
# By default, ONLY the pegasus user can use remote network HTTP/S service:
#
-: ALL EXCEPT pegasus:wbemNetwork
#
#
# 2. The Local host user access rule:
# By default, ONLY the pegasus and root users can use pegasus local HTTP/S service:
#
-: ALL EXCEPT pegasus root:wbemLocal
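
The rule format described above, as an added example that is not part of the original file or the Pegasus project: a simplified Python evaluator that applies the two default rules to a user and origin. It assumes pam_access-style evaluation (the first matching rule decides, and access is granted when no rule matches) and does not model group, netgroup or user@host lookups; the function names are introduced here for illustration.

```python
# Added example: simplified evaluator for the access table format above.
# Assumptions: the first matching rule decides and no match grants access
# (pam_access behaviour); group, netgroup and user@host lookups are omitted.

# The two default rules from the file, embedded so the example runs offline.
RULES = """\
-: ALL EXCEPT pegasus:wbemNetwork
-: ALL EXCEPT pegasus root:wbemLocal
"""

def parse_rules(text):
    """Return a (permission, user_tokens, origin_tokens) tuple per rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: expected 'permission : users : origins'")
        rules.append((fields[0], fields[1].split(), fields[2].split()))
    return rules

def list_match(tokens, value):
    """Match value against a token list, honouring ALL and EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        # "A EXCEPT B" matches when A matches and B does not.
        return list_match(tokens[:i], value) and not list_match(tokens[i + 1:], value)
    return any(t == "ALL" or t == value for t in tokens)

def is_allowed(rules, user, origin):
    """Apply rules top to bottom; the first rule matching both fields decides."""
    for perm, users, origins in rules:
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True  # no rule matched: access is granted

def audit(rules, users, origins):
    """Tabulate the decision for every (user, origin) pair, for review."""
    return {(u, o): is_allowed(rules, u, o) for o in origins for u in users}
```

Running `audit` over the accounts you care about makes the effect of an edit visible before it is deployed, including the case where a rule never matches and access falls through to the default grant.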