From e9fbc77c8f6a396ce9432e3791710e30de6e570b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sun, 13 Feb 2011 18:21:11 +0100 Subject: pam: introduce whitelist and blacklist user list feature This is useful to exclude root from the session logout killings or to limit killing to the selinux guest users. --- man/pam_systemd.xml | 50 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 11 deletions(-) (limited to 'man/pam_systemd.xml') diff --git a/man/pam_systemd.xml b/man/pam_systemd.xml index 6fe6981011..915e0b6014 100644 --- a/man/pam_systemd.xml +++ b/man/pam_systemd.xml @@ -202,17 +202,43 @@ - + - Takes a boolean - argument. If true, all processes - created by the root user (UID 0) during his - session and from his session will be - kept around after he logged out. This - option allows cancelling the effect of - and - for the - root user. + Takes a comma + separated list of user names or + numeric user ids as argument. If this + option is used the effect of the + and + options + will apply only to the listed + users. If this option is not used the + option applies to all local + users. Note that + + takes precedence over this list and is + hence subtracted from the list + specified here. + + + + + + Takes a comma + separated list of user names or + numeric user ids as argument. Users + listed in this argument will not be + subject to the effect of + or + . Note + that that this option takes precedence + over + , and + hence whatever is listed for + + is guaranteed to never be killed by + this PAM module, independent of any + other configuration + setting. @@ -259,7 +285,9 @@ , , , - . + , + , + . -- cgit v1.2.3-54-g00ecf