pam_access matches the hostname in user@host against the system's own hostname, which allows a single access.conf to be shared amongst multiple machines yet still contain per-server rules.
pam_access also allows group names to be optionally enclosed in parentheses to disambiguate them from user names.

Signed-off-by: Michael Chapman <[email protected]>
---
 lenses/access.aug            | 15 ++++++++++++---
 lenses/tests/test_access.aug |  7 +++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/lenses/access.aug b/lenses/access.aug
index 3f1d948..5cb77fc 100644
--- a/lenses/access.aug
+++ b/lenses/access.aug
@@ -50,9 +50,18 @@ let access = label "access" . store /[+-]/
 let user_re = Rx.word - /[Ee][Xx][Cc][Ee][Pp][Tt]/
 
 (* View: user
- * user can be a username or a group
+ * user can be a username, username@hostname or a group
  *)
-let user = [ label "user" . store user_re ]
+let user = [ label "user"
+           . ( store user_re
+             | store Rx.word . Util.del_str "@"
+               . [ label "host" . store Rx.word ] ) ]
+
+(* View: group
+ * Format is (GROUP)
+ *)
+let group = [ label "group"
+            . Util.del_str "(" . store Rx.word . Util.del_str ")" ]
 
 (* View: netgroup
  * Format is @NETGROUP[@@NISDOMAIN]
@@ -64,7 +73,7 @@ let netgroup =
 (* View: user_list
  * A list of users or netgroups to apply the rule to
  *)
-let user_list = Build.opt_list (user|netgroup) Sep.space
+let user_list = Build.opt_list (user|group|netgroup) Sep.space
 
 (* View: origin_list
  * origin_list can be a single ipaddr/originname/domain/fqdn or a list of those values
diff --git a/lenses/tests/test_access.aug b/lenses/tests/test_access.aug
index 58ef231..d89d61c 100644
--- a/lenses/tests/test_access.aug
+++ b/lenses/tests/test_access.aug
@@ -3,7 +3,7 @@ module Test_access =
 let conf = "+ : ALL : LOCAL
 + : root : localhost.localdomain
 - : root : 127.0.0.1 .localdomain
-+ : root @admins : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
++ : root alice@server1 @admins (wheel) : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
 # IP v6 support
 + : john foo : 2001:4ca0:0:101::1 2001:4ca0:0:101::/64
 # Except
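Review bot: In the new `user@host` branch of `let user`, the name before the `@` is matched with `Rx.word` while the bare-user branch keeps `user_re`, so the EXCEPT exclusion that `user_re` exists for is not applied once a host suffix is present and a token such as `EXCEPT@host` would be stored as a `user` node. If that exclusion is meant to hold for every user token, `| store user_re . Util.del_str "@"` keeps the two branches consistent, and since `user_re` is a subset of `Rx.word` the union stays unambiguous. Whether the `host` part also accepts dotted FQDNs depends on what `Rx.word` admits, which is defined outside this hunk and worth confirming against the hostnames found in real access.conf rules.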
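Review bot: The comment on `user_list` in the second hunk of access.aug still says "A list of users or netgroups" although the alternation now also admits `group`; update it to ` * A list of users, groups or netgroups to apply the rule to` so the view documentation matches the new lens.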
@@ -25,7 +25,10 @@ test Access.lns get conf =
     { "origin" = ".localdomain" } }
   { "access" = "+"
     { "user" = "root" }
+    { "user" = "alice"
+      { "host" = "server1" } }
     { "netgroup" = "admins" }
+    { "group" = "wheel" }
     { "origin" = "cron" }
     { "origin" = "crond" }
     { "origin" = ":0" }
@@ -64,7 +67,7 @@ test Access.lns put conf after =
 "+ : ALL : LOCAL
 + : root : localhost.localdomain
 - : root : 127.0.0.1 .localdomain
-+ : root @admins : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
++ : root alice@server1 @admins (wheel) : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
 # IP v6 support
 + : john foo : 2001:4ca0:0:101::1 2001:4ca0:0:101::/64
 # Except
-- 
1.7.6.4

_______________________________________________
augeas-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/augeas-devel
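Review bot: The only `host` value exercised by the get test here (and by the put test in the following hunk) is the single label `server1`, so the tests do not show whether a dotted hostname round-trips through the `Rx.word` used for the `host` node. Since pam_access rules routinely carry fully qualified names, adding one entry such as `alice@host.example` (a constructed sample) to `conf` together with its expected `{ "user" = "alice" { "host" = "host.example" } }` tree would pin that behaviour down.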
