blob: a6294c709d8ca3f7bea26b9b4acc3b32fe5967f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# This is the default set of devices people logged in on the desktop get
# access to:
class desktop
#
# Standard multimedia devices
add /dev/audio desktop
add /dev/mixer desktop
add /dev/dsp desktop
add /dev/sequencer desktop
add /dev/video desktop
#
# Modem device
add /dev/modem desktop
#
# CD-ROMs - giving permission to open the corresponding SCSI
# device is highly useful for CD writers such as cdrecord.
add /dev/cdrom desktop scsi paride
add /dev/cdrom1 desktop scsi paride
add /dev/cdrecorder desktop scsi
add /dev/dvd desktop scsi paride
add /dev/dvd1 desktop scsi paride
add /dev/sr0 desktop scsi
add /dev/sr1 desktop scsi
add /dev/sr2 desktop scsi
add /dev/sr3 desktop scsi
#
# Dito for SCSI scanners, which all use /dev/scanner symlink.
add /dev/scanner desktop scsi
#
# And USB scanners.
add /dev/usbscanner desktop
add /dev/usb/scanner desktop
add /dev/usb/scanner0 desktop
add /dev/usb/scanner1 desktop
add /dev/usb/scanner2 desktop
add /dev/usb/scanner3 desktop
add /dev/usb/scanner4 desktop
add /dev/usb/scanner5 desktop
add /dev/usb/scanner6 desktop
add /dev/usb/scanner7 desktop
#
# make /dev/console accessible read-only
add /dev/console desktop read-only
#
# This rule grants access to users logged in locally
#
allow desktop tty=/dev/tty[1-9]* || tty=tty[1-9]* || tty=:0
# For serial gphoto cameras.
# add /dev/ttyS0 desktop
# add /dev/ttyS1 desktop
#
# Sample rules, do not enable by default:
#
# This rule denies access to users uucp and news
#
# deny desktop user=uucp || user=news
#
# This rule gives access to all members of group wheel
#
# allow desktop group=wheel
#
# To make resmgr work with ssh, for instance, add the following
# line to /etc/pam.d/ssh:
# session optional pam_resmgr.so fake_ttyname
# When a user logs in, a resmgr session will be opened, and
# access will be granted automaticially to all resource classes
# matched via access control statements in resmgr.conf.
|
