REDROOM
PHP 7.4.33
Path:
Logout
Edit File
Size: 4.46 KB
Close
/etc/security/access.conf
Text
Base64
# Login access control table. # # Comment line must start with "#", no space at front. # Order of lines is important. # # When someone logs in, the table is scanned for the first entry that # matches the (user, host) combination, or, in case of non-networked # logins, the first entry that matches the (user, tty) combination. The # permissions field of that table entry determines whether the login will # be accepted or refused. # # Format of the login access control table is three fields separated by a # ":" character: # # [Note, if you supply a 'fieldsep=|' argument to the pam_access.so # module, you can change the field separation character to be # '|'. This is useful for configurations where you are trying to use # pam_access with X applications that provide PAM_TTY values that are # the display variable like "host:0".] # # permission:users:origins # # The first field should be a "+" (access granted) or "-" (access denied) # character. # # The second field should be a list of one or more login names, group # names, or ALL (always matches). A pattern of the form user@host is # matched when the login name matches the "user" part, and when the # "host" part matches the local machine name. # # The third field should be a list of one or more tty names (for # non-networked logins), host names, domain names (begin with "."), host # addresses, internet network numbers (end with "."), ALL (always # matches), NONE (matches no tty on non-networked logins) or # LOCAL (matches any string that does not contain a "." character). # # You can use @netgroupname in host or user patterns; this even works # for @usergroup@@hostgroup patterns. # # The EXCEPT operator makes it possible to write very compact rules. # # The group file is searched only when a name does not match that of the # logged-in user. Both the user's primary group is matched, as well as # groups in which users are explicitly listed. # To avoid problems with accounts, which have the same name as a group, # you can use brackets around group names '(group)' to differentiate. # In this case, you should also set the "nodefgroup" option. # # TTY NAMES: Must be in the form returned by ttyname(3) less the initial # "/dev" (e.g. tty1 or vc/1) # ############################################################################## # # Disallow non-root logins on tty1 # #-:ALL EXCEPT root:tty1 # # Disallow console logins to all but a few accounts. # #-:ALL EXCEPT wheel shutdown sync:LOCAL # # Same, but make sure that really the group wheel and not the user # wheel is used (use nodefgroup argument, too): # #-:ALL EXCEPT (wheel) shutdown sync:LOCAL # # Disallow non-local logins to privileged accounts (group wheel). # #-:wheel:ALL EXCEPT LOCAL .win.tue.nl # # Some accounts are not allowed to login from anywhere: # #-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL # # All other accounts are allowed to login from anywhere. # ############################################################################## # All lines from here up to the end are building a more complex example. ############################################################################## # # User "root" should be allowed to get access via cron .. tty5 tty6. #+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 # # User "root" should be allowed to get access from hosts with ip addresses. #+:root:192.168.200.1 192.168.200.4 192.168.200.9 #+:root:127.0.0.1 # # User "root" should get access from network 192.168.201. # This term will be evaluated by string matching. # comment: It might be better to use network/netmask instead. # The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0 #+:root:192.168.201. # # User "root" should be able to have access from domain. # Uses string matching also. #+:root:.foo.bar.org # # User "root" should be denied to get access from all other sources. #-:root:ALL # # User "foo" and members of netgroup "nis_group" should be # allowed to get access from all sources. # This will only work if netgroup service is available. #+:@nis_group foo:ALL # # User "john" should get access from ipv4 net/mask #+:john:127.0.0.0/24 # # User "john" should get access from ipv4 as ipv6 net/mask #+:john:::ffff:127.0.0.0/127 # # User "john" should get access from ipv6 host address #+:john:2001:4ca0:0:101::1 # # User "john" should get access from ipv6 host address (same as above) #+:john:2001:4ca0:0:101:0:0:0:1 # # User "john" should get access from ipv6 net/mask #+:john:2001:4ca0:0:101::/64 # # All other users should be denied to get access from all sources. #-:ALL:ALL
Save
Close
Exit & Reset
Text mode: syntax highlighting auto-detects file type.
Directory Contents
Dirs: 5 × Files: 15
Delete Selected
Select All
Select None
Sort:
Name
Size
Modified
Enable drag-to-move
Name
Size
Perms
Modified
Actions
console.apps
DIR
-
drwxr-xr-x
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
console.perms.d
DIR
-
drwxr-xr-x
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
limits.d
DIR
-
drwxr-xr-x
2025-07-01 15:25:10
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
namespace.d
DIR
-
drwxr-xr-x
2025-07-01 15:25:11
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
pwquality.conf.d
DIR
-
drwxr-xr-x
2023-04-01 18:24:16
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
access.conf
4.46 KB
lrw-r--r--
2025-07-01 15:25:06
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
chroot.conf
82 B
lrw-r--r--
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
console.handlers
624 B
lrw-r--r--
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
console.perms
939 B
lrw-r--r--
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
faillock.conf
2.18 KB
lrw-r--r--
2025-07-01 15:25:07
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
group.conf
3.55 KB
lrw-r--r--
2025-07-01 15:25:09
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
limits.conf
2.37 KB
lrw-r--r--
2025-07-01 15:25:10
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
namespace.conf
1.41 KB
lrw-r--r--
2025-07-01 15:25:11
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
namespace.init
1018 B
lrwxr-xr-x
2025-07-01 15:25:11
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
opasswd
0 B
lrw-------
2025-07-01 15:25:19
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
pam_env.conf
2.90 KB
lrw-r--r--
2025-07-01 15:25:08
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
pwhistory.conf
517 B
lrw-r--r--
2025-07-01 15:25:12
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
pwquality.conf
2.61 KB
lrw-r--r--
2020-08-03 10:30:48
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
sepermit.conf
419 B
lrw-r--r--
2025-07-01 15:25:14
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
time.conf
2.13 KB
lrw-r--r--
2025-07-01 15:25:15
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
Zip Selected
If ZipArchive is unavailable, a
.tar
will be created (no compression).