resmgr.cong(5)
NAME
resmgr.conf - resource manager configuration file
SYNOPSIS
/etc/resmgr.conf
DESCRIPTION
The file /etc/resmgr.conf defines the resource classes for
the resource manager resmgrd. The minimal configuration
is to define a single resource class, and manage every
thing else dynamically. But you may also define devices
and access control lists in this configuration file.
Everything starting from a hash mark unto the end of the
line is a comment, and is ignored.
COMMANDS
The configuration file can contain the following commands:
- class NAME
- This defines a resource class named NAME. Class
names must be unique. - add device class [flags]
- This adds the specified device to the resource
class class. Optionally, one or more flags can be
specified. - The read-only flag marks the device read-only.
Attempts to open the device for writing will be
refused. - The scsi flag allows clients to ask for the corre
sponding raw SCSI device instead of the device
itself. This is useful for applications such as CD
writers or scanners that need to find and open the
raw SCSI device corresponding to e.g. /dev/cdrom. - allow class acl ...
- This commands grants all users matched by the ACL
statement access to resource class class. Any sub
sequent access control statements for this class
will be ignored. - denies class acl ...
- This commands denies all users matched by the ACL
statement access to resource class class. Any sub
sequent access control statements for this class
will be ignored. - ACL Format
- ACLs attached to a resource class is made up of one or
more match clauses of the format name=value, where name can be one of user, group, or tty. value can be a literal value or a glob expression, such as meissner (a user name), /dev/tty[0-9]*, or :* (for matching all logins on a local X display). - These match clauses can be combined using the standard
boolean operators &&, ||, and !. Note that !name=value is equivalent to name!=value. - Sub-expressions can be grouped by putting them in brack
ets. - Usually, an ACL will contain just a single user or group
name, but you can specify several, forming an AND clause.
When a name is preceded by an exclamation mark, the match
result is negated. - For example, the following statements for the resource
class desktop will deny access to users uucp and news, but grant access to everyone in group wheel, and everyone else
as long as they're logged in at the console or a local X11
session:
deny desktop user=uucp || user=news allow desktop group=wheel allow desktop tty=/dev/tty[0-9]* || tty=:0
SEE ALSO
AUTHOR
- Olaf Kirch <okir@lst.de>