lcfg-auth - LCFG auth component
This documentation refers to lcfg-auth version 1.2.1
This component constructs all the basic authorization files allowing access to the machine. This includes /etc/passwd, /etc/group, /etc/hosts.equiv and /root/.rhosts.
A list of rules for the accessconf file. See access.conf(5) and pam_access(8) for details of the possible types of rules.
The definition for the access rule associated with tag.
The base file used to populate /etc/group.
The base file used to populate /etc/passwd.
This is a list of console file and device classes to be defined in the consoleperms file. See console.perms(5) and pam_console(8) for further details.
This is the definition for the class associated with tag.
This is a list of rules for the file and device classes defined in consolepermclasses.
This is the definition for the rule associated with tag.
A (space-separated) list of items to be added to the hosts.equiv file. See hosts.equiv(5) for full details.
A list of tags for passwd entries to be added to /etc/passwd. There are two ways to specify the contents of a passwd file entry: either specify the complete string using the pwent resource, or specify each of the fields separately. For backwards compatibility, if the pwent resource is set for a tag then the individual field resources are ignored for that tag.
A complete additional passwd file entry. If this is set then any settings of resources for the individual fields (listed below) will be ignored for that tag.
The username field for a passwd file entry. If this is not specified then the username will be the LCFG tag.
The passwd field for a passwd file entry. By default this is set to * (asterisk) to prevent logins.
The uid field for a passwd file entry. If this is specified it must be a positive integer. When adding users via the separate resources this field MUST be specified.
The gid field for a passwd file entry. If this is specified it must be a positive integer. When adding users via the separate resources this field MUST be specified.
The gecos field for a passwd file entry.
The home directory field for a passwd file entry. When adding users via the separate resources this field MUST be specified.
The shell field for a passwd file entry. When adding users via the separate resources this field MUST be specified.
A list of tags for group entries to be added to /etc/group. There are two ways to specify the contents of a group file entry: either specify the complete string using the grpent resource, or specify each of the fields separately. For backwards compatibility, if the grpent resource is set for a tag then the individual field resources are ignored for that tag.
An additional group entry. If this is set then any settings of resources for the individual fields (listed below) will be ignored for that tag.
The group name field for a group file entry. If this is not specified then the group name will be the LCFG tag.
The passwd field for a group file entry. By default this is set to x.
The gid field for a group file entry. If this is specified it must be a positive integer. When adding groups via the separate resources this field MUST be specified.
This is the list of members for a group file entry. Unlike the standard Unix group file format this list MAY contain spaces. Any spaces will be translated into commas before the entry is added to the group file. This makes it much easier to manipulate the list using the standard LCFG mutators such as mADD and mREMOVE.
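The precedence and default rules described above for passwd and group entries, as an added Python sketch (not the component's own code). The dictionary keys for the individual fields are hypothetical stand-ins, since only the pwent and grpent resource names appear in this documentation, and the separator check is an extra safeguard that the documentation does not mention.

```python
import re

# Dict keys below (username, uid, members, ...) are hypothetical stand-ins for
# the per-field resources; only pwent and grpent are names from the docs.
def _positive_int(value, field, tag):
    # "Positive integer" is read literally here, so 0 is rejected (assumption).
    if not re.fullmatch(r"[0-9]+", str(value)) or int(value) <= 0:
        raise ValueError(f"{tag}: {field} must be a positive integer")
    return str(int(value))

def _join(fields, tag):
    # Extra check, not stated in the docs: a ':' or newline inside a field
    # would shift or inject columns in the generated file.
    for f in fields:
        if ":" in f or "\n" in f:
            raise ValueError(f"{tag}: field {f!r} contains a separator")
    return ":".join(fields)

def passwd_entry(tag, res):
    if res.get("pwent"):                      # complete string wins outright
        return res["pwent"]
    missing = [k for k in ("uid", "gid", "home", "shell") if not res.get(k)]
    if missing:
        raise ValueError(f"{tag}: missing required field(s): {missing}")
    return _join([res.get("username") or tag,  # username defaults to the tag
                  res.get("passwd") or "*",    # '*' prevents logins
                  _positive_int(res["uid"], "uid", tag),
                  _positive_int(res["gid"], "gid", tag),
                  res.get("gecos", ""), res["home"], res["shell"]], tag)

def group_entry(tag, res):
    if res.get("grpent"):                     # complete string wins outright
        return res["grpent"]
    if not res.get("gid"):
        raise ValueError(f"{tag}: missing required field(s): ['gid']")
    members = ",".join(res.get("members", "").split())  # spaces -> commas
    return _join([res.get("name") or tag, res.get("passwd") or "x",
                  _positive_int(res["gid"], "gid", tag), members], tag)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real profile.
    print(passwd_entry("backup", {"uid": "501", "gid": "501",
                                  "home": "/var/backup", "shell": "/bin/sh"}))
    print(group_entry("staff", {"gid": "700", "members": "alice bob carol"}))
```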
This boolean controls whether the component manages the /etc/passwd and /etc/shadow files. It defaults to "true".
A (space-separated) list of workstation owners. Valid usernames in this list will be added to the accessconf file.
List of devices (e.g. disks) which should not be added to the consoleperms file. Normally set to the same value as the fstab.disks resource. Note that the device entry should be in short form (e.g. hda rather than /dev/hda).
A (space-separated) list of items to be added to the hostsequivfile file. See pam_rhosts(8) for full details.
The encrypted root password.
A (space-separated) list of entries to populate the securettyfile file. See securetty(5) for full details.
This is a boolean resource. If set to yes (the default), the component will convert the passwd files to the more secure shadow equivalent.
If non-null, specifies the chmod protection mask to be applied to /tmp.
A (space-separated) list of users or netgroups to be added to the accessconf file. See access.conf(5) and pam_access(8) for full details.
If non-null, specifies the chmod protection mask to be applied to /var/tmp.
This is the location of the console.perms file, the default is /etc/security/console.perms. This is the control file which determines the permissions that will be given to privileged users of the console at login time, and the permissions to which to revert when the users log out. This is used by the pam_console PAM module.
This is the location of the access.conf file, the default is /etc/security/access.conf. When a user logs in, this file is scanned for the first entry that matches the user; the permissions field of that entry controls whether the login is accepted or rejected. This is used by the pam_access PAM module.
This is the location of the securetty file, the default is /etc/securetty. This file contains a list of device names of tty lines on which root is allowed to log in.
This is the location of the hosts.equiv file, the default is /etc/hosts.equiv. This file may contain a list of hosts and users that are granted "trusted" r-command access to your system.
This is the location of the rhosts file for root, the default is /root/.rhosts. This is used by the pam_rhosts PAM module.
This controls the existence of the /etc/nologin file. If you are using the pam_nologin PAM module then normal users (i.e. not root) will be prevented from logging into a machine when this file exists. The value of this resource becomes the literal contents of the file, which is displayed to any user who attempts to log in.
This is the list of platforms on which we have tested this software. We expect this software to work on any Unix-like platform which is supported by Perl.
Scientific5, Scientific6, Fedora13
Please report any problems to bugs@lcfg.org; feedback and patches are also always very welcome.
Alastair Scobie <ascobie@inf.ed.ac.uk>, Stephen Quinney <squinney@inf.ed.ac.uk>
Copyright (C) 2008-2009 University of Edinburgh. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the terms of the GPL, version 2 or later.