From 0aea7e667641f075a3efe63b9a35e79e47b82c3d Mon Sep 17 00:00:00 2001
From: Ben Kibbey
allowed=-@primary,username -
would deny all users in group primary
but allow username
-who is a member of primary
.
+multiple groups.
This parameter may also be specified in a filename section to allow or
deny a local user to OPEN
(see OPEN) a data file and has the
same default to allow only the invoking user.
The following example would deny all users in group primary
but
+allow username
who is a member of primary
:
+
allowed=-@primary,username +
When set to false, mlockall(2) will be called on startup. This diff --git a/doc/pwmd.texi b/doc/pwmd.texi index 9edbaa46..b4f58337 100644 --- a/doc/pwmd.texi +++ b/doc/pwmd.texi @@ -286,19 +286,19 @@ to the socket. Groups should be prefixed with a @samp{@@}. When not specified only the invoking user may connect. A username or group name may also be prefixed with a @key{-} to prevent access to a specific user or group in the list. The order of the list is important since a user may be of -multiple groups. For example: - -@example -allowed=-@@primary,username -@end example - -would deny all users in group @code{primary} but allow @code{username} -who is a member of @code{primary}. +multiple groups. This parameter may also be specified in a filename section to allow or deny a local user to @code{OPEN} (@pxref{OPEN}) a data file and has the same default to allow only the invoking user. +The following example would deny all users in group @code{primary} but +allow @code{username} who is a member of @code{primary}: + +@example +allowed=-@@primary,username +@end example + @item disable_mlockall = boolean When set to @var{false}, @cite{mlockall(2)} will be called on startup. This will use more physical memory but may also be more secure since no swapping to -- 2.11.4.GIT