pool/enlightenment
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
enlightenment/system.conf
Simon Lees f7723ef897 Accepting request 975278 from home:simotek:branches:X11:Enlightenment:Factory 
- Recommend acpid for bindings (Should now remove popup) [boo#1196609]
- system.conf allow all users, this is required because we no
  longer automatically add people to the users group. [boo#1196609]

OBS-URL: https://build.opensuse.org/request/show/975278
OBS-URL: https://build.opensuse.org/package/show/X11:Enlightenment:Factory/enlightenment?expand=0&rev=285
2022-05-06 03:32:05 +00:00

66 lines
2.9 KiB
Plaintext
Raw Permalink Blame History

# Enlightenment System access control file
#
# This version of system.conf has been modified specifically for openSUSE
# you can find the original in /usr/share/enlightenment/doc. The main changes
# are we know that all desktop users are in the users group and we disable
# power and storage as enlightenment will use logind and udisks for these
# on openSUSE systems so we don't need to grant permissions for them.
#
# This should be installed as /etc/enlightenment/system.conf if you wish to
# limit access to enlightenment_system setuid tool. The tool will load this
# file, if it exists, and abort any kind of execution if the file would not
# permit the calling user to use it. If this file does not exist, then any
# user or group will be permitted to run this tool and access its features.
# This file will be installed
# This file is read in order from top to bottom - the first rule to MATCH
# will be used for a user or a group, and nothing after that is read.
# Any user or group NOT matched by an allow or a deny will be ALLOWED to
# perform the action by default (system administrators should be aware of
# this and implement whatever policies they see fit). Generally speaking
# a user of a workstation, desktop or laptop is intended to have such abilities
# to perform these actions, thus the default of allow. For multi-user systems
# the system administrator is considered capable enough to restrict what they
# see they need to.
# A WARNING to admins: do NOT allow access for users to this system remotely
# UNLESS you fully trust them or you have locked down permissions to halt/reboot
# suspend etc. here first. You have been warned.
# FORMAT:
#
# user: username allow: rfkill
# group: groupname deny: *
# group: * deny: *
# user: * allow: power
# user: billy allow: l2ping
# group: staff deny: backlight
# ... etc. ...
#
# user and group name can use glob matches (* == all for example) like the
# shell. as can action names allowed or denied.
#
# the system to allow at the end is a system name or * for "everything". this
# is a glob like filenames. systems supported:
#
# backlight - core backlight device that maps to a laptop screen or keyboard
# ddc - external monitor controls like backlight, color correction etc
# storage - handling of removable media devices
# power - direct shutdown/reboot/suspend/resume/halt commands
# rfkill - rf controls for wireless adaptors
# l2ping - bluetooth pings for paired devices (no payload control)
# cpufreq - change cpu frequency, governor and similar power controls
# root is allowed to do anything - but it needs to be here explicitly anyway
user: root allow: *
# members of operator, staff and admin groups should be able to do all
user: * allow: backlight
user: * allow: ddc
user: * allow: rfkill
user: * allow: l2ping
user: * allow: cpufreq
# deny everyone else by default
user: * deny: *
Reference in New Issue View Git Blame Copy Permalink