-
Notifications
You must be signed in to change notification settings - Fork 0
/
calife.auth.5.in
101 lines (101 loc) · 2.33 KB
/
calife.auth.5.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
.\" Copyright (c) 1991, 2008 Ollivier Robert
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted under the GNU General Public Licence.
.\" Look into the COPYING file.
.\"
.\" @(#) $Id: calife.auth.5.in,v 25570e2f1dfc 2014/09/05 21:08:02 roberto $
.\""
.Dd September 25, 1994
.Dt CALIFE.AUTH 5
.Os
.Sh NAME
.Nm calife.auth
.Nd format of the calife authorization file
.Sh DESCRIPTION
The
.Nm calife.auth
files are files consisting of newline separated records, one per user,
containing three colon (``:'') separated fields. These fields are as
follows:
.Pp
.Bl -tag -width shell -offset indent
.It Ar name
User's login name /
.Ar @group /
.Ar %group .
.It Ar shell
User's shell
.It Ar user1,user2,...,usern
List of logins allowed for the user name
.El
.Pp
The
.Ar name
field is the login used to access the computer account.
.Pp
The login name must never begin with a hyphen (``-''); also, it is strongly
suggested that neither upper-case characters or dots (``.'') be part
of the name, as this tends to confuse mailers. No field may contain a
colon (``:'') as this has been used historically to separate the fields
in the user database.
.Pp
One alternative syntax is to use
.Ar @group
to specify that any user in the given
.Ar group
is allowed to use
.Nm calife
to become root. Alternative syntax using
.Ar %group
is also allowed just like
.Nm sudo .
.Pp
The
.Ar shell
field is the command interpreter the user prefers.
If there is nothing in the
.Ar shell
field, the user's current shell as found in the
.Pq Pa /etc/passwd
file is assumed.
.Pp
If the
.Ar shell
field is '*', then the account is considered as
.Ar locked
and access is denied.
.Pp
If the third parameter is specified, it is assumed to be the list of
login the current user has the right to become. It enables use of
.Nm calife
for non-root only accounts.
.Pp
.Nm calife.auth
is placed in
.Ar @ETCDIR@ .
.Sh EXAMPLE
.Bd -literal
# calife.auth-dist
#
# Format
#
# name[:shell_to_be_run][:user1,user2,usern]
#
fcb
roberto:/bin/tcsh
pb::guest,blaireau
%wheel
.Ed
.Sh SEE ALSO
.Xr calife 1 ,
.Xr su 1
.Sh HISTORY
A
.Nm
file format appeared in DG/UX and SunOS, written for Antenne 2 in 1991. It
has evolved with the extra shell specification. The login list was
reintroduced in 2.7.
.Sh AUTHOR
Ollivier Robert <[email protected]>