mirror of
https://github.com/Qortal/Brooklyn.git
synced 2025-01-31 15:22:18 +00:00
79 lines
3.1 KiB
Plaintext
79 lines
3.1 KiB
Plaintext
# Enlightenment System access control file
|
|
#
|
|
# This should be installed as /etc/enlightenment/system.conf if you wish to
|
|
# limit access to enlightenment_system setuid tool. The tool will load this
|
|
# file, if it exists, and abort any kind of execution if the file would not
|
|
# permit the calling user to use it. If this file does not exist, then any
|
|
# user or group will be permitted to run this tool and access its features.
|
|
# This file will be installed
|
|
|
|
# This file is read in order from top to bottom - the first rule to MATCH
|
|
# will be used for a user or a group, and nothing after that is read.
|
|
|
|
# Any user or group NOT matched by an allow or a deny will be ALLOWED to
|
|
# perform the action by default (system administrators should be aware of
|
|
# this and implement whatever policies they see fit). Generally speaking
|
|
# a user of a workstation, desktop or laptop is intended to have such abilities
|
|
# to perform these actions, thus the default of allow. For multi-user systems
|
|
# the system administrator is considered capable enough to restrict what they
|
|
# see they need to.
|
|
|
|
# A WARNING to admins: do NOT allow access for users to this system remotely
|
|
# UNLESS you fully trust them or you have locked down permissions to halt/reboot
|
|
# suspend etc. here first. You have been warned.
|
|
|
|
# FORMAT:
|
|
#
|
|
# user: username allow: rfkill
|
|
# group: groupname deny: *
|
|
# group: * deny: *
|
|
# user: * allow: power
|
|
# user: billy allow: l2ping
|
|
# group: staff deny: backlight
|
|
# ... etc. ...
|
|
#
|
|
# user and group name can use glob matches (* == all for example) like the
|
|
# shell. as can action names allowed or denied.
|
|
#
|
|
# the system to allow at the end is a system name or * for "everything". this
|
|
# is a glob like filenames. systems supported:
|
|
#
|
|
# backlight - core backlight device that maps to a laptop screen or keyboard
|
|
# ddc - external monitor controls like backlight, color correction etc
|
|
# storage - handling of removable media devices
|
|
# power - direct shutdown/reboot/suspend/resume/halt commands
|
|
# rfkill - rf controls for wireless adaptors
|
|
# l2ping - bluetooth pings for paired devices (no payload control)
|
|
# cpufreq - change cpu frequency, governor and similar power controls
|
|
|
|
# root is allowed to do anything - but it needs to be here explicitly anyway
|
|
user: root allow: *
|
|
# members of operator, staff and admin groups should be able to do all
|
|
group: operator allow: *
|
|
group: staff allow: *
|
|
group: admin allow: *
|
|
group: sys allow: *
|
|
group: wheel allow: *
|
|
group: adm allow: *
|
|
# common "user" groups for "console users" on desktops/laptops
|
|
group: dialout allow: *
|
|
group: disk allow: *
|
|
group: adm allow: *
|
|
group: cdrom allow: *
|
|
group: floppy allow: *
|
|
group: audio allow: *
|
|
group: dip allow: *
|
|
group: plugdev allow: *
|
|
group: netdev allow: *
|
|
group: bluetooth allow: *
|
|
group: video allow: *
|
|
group: voice allow: *
|
|
group: fax allow: *
|
|
group: tty allow: *
|
|
group: colord allow: *
|
|
group: input allow: *
|
|
group: sudo allow: *
|
|
|
|
# deny everyone else by default
|
|
user: * deny: *
|