man resmgr.conf (Formats) - resource manager configuration file
NAME
resmgr.conf - resource manager configuration file
SYNOPSIS
/etc/resmgr.conf
DESCRIPTION
The file /etc/resmgr.conf defines the resource classes for the resource manager resmgrd. The minimal configuration is to define a single resource class, and manage everything else dynamically. But you may also define devices and access control lists in this configuration file.
Everything starting from a hash mark unto the end of the line is a comment, and is ignored.
COMMANDS
The configuration file can contain the following commands:
- class NAME
- This defines a resource class named NAME. Class names must be unique.
- add"deviceclass[flags]
- This adds the specified device to the resource class class. Optionally, one or more flags can be specified.
- The read-only flag marks the device read-only. Attempts to open the device for writing will be refused.
- The scsi flag allows clients to ask for the corresponding raw SCSI device instead of the device itself. This is useful for applications such as CD writers or scanners that need to find and open the raw SCSI device corresponding to e.g. /dev/cdrom.
- allow"classacl...
- This commands grants all users matched by the ACL statement access to resource class class. Any subsequent access control statements for this class will be ignored.
- denies"classacl...
- This commands denies all users matched by the ACL statement access to resource class class. Any subsequent access control statements for this class will be ignored.
ACL Format
ACLs attached to a resource class is made up of one or more match clauses of the format name=value, where name can be one of user, group, or tty. value can be a literal value or a glob expression, such as meissner (a user name), /dev/tty[0-9]*, or :* (for matching all logins on a local X display).
These match clauses can be combined using the standard boolean operators &&, ||, and !. Note that !name=value is equivalent to name!=value.
Sub-expressions can be grouped by putting them in brackets.
Usually, an ACL will contain just a single user or group name, but you can specify several, forming an AND clause. When a name is preceded by an exclamation mark, the match result is negated.
For example, the following statements for the resource class desktop will deny access to users uucp and news, but grant access to everyone in group wheel, and everyone else as long as they're logged in at the console or a local X11 session:
"deny desktop user=uucp || user=news "allow desktop group=wheel "allow desktop tty=/dev/tty[0-9]* || tty=:0
SEE ALSO
AUTHOR
Olaf Kirch <okir@lst.de>