1 # ENLIGHTENMENT SYSTEM ACTIONS CONFIGURATION
3 # This is a system configuration for allowing or denying certain users or
4 # groups to be able to do certain actions that involve system restricted
5 # actions such as halt, reboot, suspend, hibernate etc.
7 # This file is read in order from top to bottom - the first rule to MATCH
8 # will be used for a user or a group, and nothing after that is read.
10 # You must put all the ACTION definitons BEFORE user and group rule matches.
11 # Any action definitons after a rule match has been found will be ignored.
12 # This allows actions to be re-defined for different user groups, so matches
13 # so the command for an action can change for matches to the rules later on.
15 # Any user or group NOT matched by an allow or a deny will be ALLOWED to
16 # perform the action by default (system administrators should be aware of
17 # this and implement whatever policies they see fit). Generally speaking
18 # a user of a workstation, desktop or laptop is intended to have such abilities
19 # to perform these actions, thus the default of allow. For multi-user systems
20 # the system administrator is considered capable enough to restrict what they
23 # A WARNING to admins: do NOT allow access for users to this system remotely
24 # UNLESS you fully trust them or you have locked down permissions to halt/reboot
25 # suspend etc. here first. You have been warned.
29 # action: halt /sbin/shutdown -h now
30 # action: reboot /sbin/shutdown -r now
31 # action: suspend /etc/acpi/sleep.sh force
32 # action: hibernate /etc/acpi/hibernate.sh force
34 # user: username allow: halt reboot suspend hibernate
35 # group: groupname deny: *
37 # user: * allow: suspend
38 # user: billy allow: halt reboot
39 # group: staff deny: halt suspend hibernate
43 # user and group name can use glob matches (* == all for example) like the
44 # shell. as can action names allowed or denied.
46 action: halt /sbin/shutdown -h now
47 action: reboot /sbin/shutdown -r now
48 action: suspend @SUSPEND@
49 action: hibernate @HIBERNATE@
51 # on FreeBSD use this instead of the above.
52 #action suspend /usr/sbin/zzz
54 # root is allowed to do anything - but it needs to be here explicitly anyway
56 # members of operator, staff and admin groups should be able to do all
57 group: operator allow: *
61 # common "user" groups for "console users" on desktops/laptops
62 group: dialout allow: *
66 group: floppy allow: *
69 group: plugdev allow: *
70 # put in a list of other users and groups here that are allowed or denied etc.
72 # user: myuser allow: *
73 # user: another allow: suspend hibernate
74 # deny everyone else by default