From 101383e1cd9dd6e4d4f3ba8064de3a2ca1130835 Mon Sep 17 00:00:00 2001 From: Sol Jerome Date: Sat, 22 Jan 2011 14:09:25 -0600 Subject: doc: Add Account plugin documentation from m4z Signed-off-by: Sol Jerome --- doc/server/plugins/generators/account.txt | 95 +++++++++++++++++++++++++++++-- 1 file changed, 90 insertions(+), 5 deletions(-) diff --git a/doc/server/plugins/generators/account.txt b/doc/server/plugins/generators/account.txt index 3bae157cc..99c35c814 100644 --- a/doc/server/plugins/generators/account.txt +++ b/doc/server/plugins/generators/account.txt @@ -8,11 +8,11 @@ Account The account plugin manages authentication data, including -* /etc/passwd -* /etc/group -* /etc/security/limits.conf -* /etc/sudoers -* /root/.ssh/authorized_keys +* ``/etc/passwd`` +* ``/etc/group`` +* ``/etc/security/limits.conf`` +* ``/etc/sudoers`` +* ``/root/.ssh/authorized_keys`` User access data is stored in three files in the Account directory: @@ -28,3 +28,88 @@ Authentication data is read in from (static|dyn).(passwd|group) The static ones are for system local ones, while the dyn. versions are for external synchronization (from ldap/nis/etc). There is also a static.limits.conf that provides the limits.conf header and any static entries. + +Files in the Account directory: + +``.key`` + + **Format**: The SSH public key for user . + + If the user is in the "rootlike" or "superusers" group, these + keys will be appended to ``/root/.ssh/auth`` + +``useraccess`` + + **Format**: "user:hostname" on each line. + + Describes who may login where (via PAMs + ``/etc/security/limits.conf``). Everybody else will be denied + access.(?) + + **Example**: + + If Alice should be able to access host "foo", Bob should access + "foo" and "bar":: + + alice:foo.example.com + bob:foo.example.com + bob:bar.example.com + +``rootlike`` + + **Format**: "user:hostname" on each line. + + Describes who will be allowed root access where. The user may + login via public key and use sudo. + + **Example**: + + If Chris should be root only on host "foo":: + + chris:foo.example.com + +``superusers`` + + **Format**: usernames, separated by spaces or newlines. (Any whitespace that makes pythons split() happy.) + + Describes who will be allowed root access on all hosts. The user + may login via public key and use sudo. + + **Example**: + + Daniel, Eve and Faith are global admins:: + + daniel eve + faith + +``static.passwd``, ``static.group`` + + **Format**: Lines from ``/etc/passwd`` or ``/etc/group`` + + These entries are appended to the passwd and group files + (in addition to the auto-generated entries from "useraccess", + "rootlike" and "superusers" above) without doing anything else. + +``dyn.passwd``, ``dyn.group`` + + **Format**: Lines from ``/etc/passwd`` or ``/etc/group`` + + Similar to "static.*" above, but for entries that are managed "on + the network" (yp, LDAP, ...), so it is most likely periodically + (re)filled. + +``static.limits.conf`` + + **Format**: Lines from ``/etc/security/limit.conf`` + + These limits will be appended to limits.conf (in addition to + the auto-generated entries from "useraccess", "rootlike" and + "superusers" above). + +``static.sudoers`` + + **Format**: Lines from ``/etc/sudoers`` + + These lines will be appended to to sudoers file (in addition + to the auto-generated entries from "useraccess", "rootlike" and + "superusers" above). -- cgit v1.2.3-1-g7c22