-rw-r--r-- | doc/server/plugins/generators/account.txt | 95 |
1 files changed, 90 insertions, 5 deletions
diff --git a/doc/server/plugins/generators/account.txt b/doc/server/plugins/generators/account.txt index 3bae157cc..99c35c814 100644 --- a/doc/server/plugins/generators/account.txt +++ b/doc/server/plugins/generators/account.txt @@ -8,11 +8,11 @@ Account The account plugin manages authentication data, including -* /etc/passwd -* /etc/group -* /etc/security/limits.conf -* /etc/sudoers -* /root/.ssh/authorized_keys +* ``/etc/passwd`` +* ``/etc/group`` +* ``/etc/security/limits.conf`` +* ``/etc/sudoers`` +* ``/root/.ssh/authorized_keys`` User access data is stored in three files in the Account directory: 
@@ -28,3 +28,88 @@ Authentication data is read in from (static|dyn).(passwd|group) The static ones are for system local ones, while the dyn. versions are for external synchronization (from ldap/nis/etc). There is also a static.limits.conf that provides the limits.conf header and any static entries. + +Files in the Account directory: + +``<username>.key`` + + **Format**: The SSH public key for user <username>. + + If the user is in the "rootlike" or "superusers" group, these + keys will be appended to ``/root/.ssh/auth`` + +``useraccess`` + + **Format**: "user:hostname" on each line. + + Describes who may login where (via PAMs + ``/etc/security/limits.conf``). Everybody else will be denied + access.(?) + + **Example**: + + If Alice should be able to access host "foo", Bob should access + "foo" and "bar":: + + alice:foo.example.com + bob:foo.example.com + bob:bar.example.com + +``rootlike`` + + **Format**: "user:hostname" on each line. + + Describes who will be allowed root access where. The user may + login via public key and use sudo. + + **Example**: + + If Chris should be root only on host "foo":: + + chris:foo.example.com + +``superusers`` + + **Format**: usernames, separated by spaces or newlines. (Any whitespace that makes pythons split() happy.) + + Describes who will be allowed root access on all hosts. The user + may login via public key and use sudo. + + **Example**: + + Daniel, Eve and Faith are global admins:: + + daniel eve + faith + +``static.passwd``, ``static.group`` + + **Format**: Lines from ``/etc/passwd`` or ``/etc/group`` + + These entries are appended to the passwd and group files + (in addition to the auto-generated entries from "useraccess", + "rootlike" and "superusers" above) without doing anything else. 
+ +``dyn.passwd``, ``dyn.group`` + + **Format**: Lines from ``/etc/passwd`` or ``/etc/group`` + + Similar to "static.*" above, but for entries that are managed "on + the network" (yp, LDAP, ...), so it is most likely periodically + (re)filled. + +``static.limits.conf`` + + **Format**: Lines from ``/etc/security/limit.conf`` + + These limits will be appended to limits.conf (in addition to + the auto-generated entries from "useraccess", "rootlike" and + "superusers" above). + +``static.sudoers`` + + **Format**: Lines from ``/etc/sudoers`` + + These lines will be appended to to sudoers file (in addition + to the auto-generated entries from "useraccess", "rootlike" and + "superusers" above). |
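Review bot: In the second hunk, the ``<username>.key`` entry says the keys are appended to ``/root/.ssh/auth``, which does not match the ``/root/.ssh/authorized_keys`` path listed at the top of the same file; spell out the full path so readers know which file gains root-level keys. The ``useraccess`` entry ends with "Everybody else will be denied access.(?)", which leaves the default-deny behaviour unconfirmed in the one place an admin would look for it; verify it against the plugin and either state it plainly or describe what actually happens for unlisted users. Smaller points in the same hunk: ``static.limits.conf`` refers to ``/etc/security/limit.conf`` while every other mention uses ``limits.conf``, ``static.sudoers`` reads "appended to to sudoers file", and "pythons split()" should be "Python's split()". It would also help to say whether "rootlike" and "superusers" in the ``<username>.key`` text mean the files documented below rather than Unix groups, since the entry calls them groups.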