You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
70 lines
1.9 KiB
70 lines
1.9 KiB
# This is the default set of devices people logged in on the desktop get
|
|
# access to:
|
|
class desktop
|
|
#
|
|
# Standard multimedia devices
|
|
add /dev/audio desktop
|
|
add /dev/mixer desktop
|
|
add /dev/dsp desktop
|
|
add /dev/sequencer desktop
|
|
add /dev/video desktop
|
|
#
|
|
# Modem device
|
|
add /dev/modem desktop
|
|
#
|
|
# CD-ROMs - giving permission to open the corresponding SCSI
|
|
# device is highly useful for CD writers such as cdrecord.
|
|
add /dev/cdrom desktop scsi paride
|
|
add /dev/cdrom1 desktop scsi paride
|
|
add /dev/cdrecorder desktop scsi
|
|
add /dev/dvd desktop scsi paride
|
|
add /dev/dvd1 desktop scsi paride
|
|
add /dev/sr0 desktop scsi
|
|
add /dev/sr1 desktop scsi
|
|
add /dev/sr2 desktop scsi
|
|
add /dev/sr3 desktop scsi
|
|
#
|
|
# Dito for SCSI scanners, which all use /dev/scanner symlink.
|
|
add /dev/scanner desktop scsi
|
|
#
|
|
# And USB scanners.
|
|
add /dev/usbscanner desktop
|
|
add /dev/usb/scanner desktop
|
|
add /dev/usb/scanner0 desktop
|
|
add /dev/usb/scanner1 desktop
|
|
add /dev/usb/scanner2 desktop
|
|
add /dev/usb/scanner3 desktop
|
|
add /dev/usb/scanner4 desktop
|
|
add /dev/usb/scanner5 desktop
|
|
add /dev/usb/scanner6 desktop
|
|
add /dev/usb/scanner7 desktop
|
|
#
|
|
# make /dev/console accessible read-only
|
|
add /dev/console desktop read-only
|
|
|
|
#
|
|
# This rule grants access to users logged in locally
|
|
#
|
|
allow desktop tty=/dev/tty[1-9]* || tty=tty[1-9]* || tty=:0
|
|
|
|
# For serial gphoto cameras.
|
|
# add /dev/ttyS0 desktop
|
|
# add /dev/ttyS1 desktop
|
|
#
|
|
# Sample rules, do not enable by default:
|
|
#
|
|
# This rule denies access to users uucp and news
|
|
#
|
|
# deny desktop user=uucp || user=news
|
|
#
|
|
# This rule gives access to all members of group wheel
|
|
#
|
|
# allow desktop group=wheel
|
|
#
|
|
# To make resmgr work with ssh, for instance, add the following
|
|
# line to /etc/pam.d/ssh:
|
|
# session optional pam_resmgr.so fake_ttyname
|
|
# When a user logs in, a resmgr session will be opened, and
|
|
# access will be granted automaticially to all resource classes
|
|
# matched via access control statements in resmgr.conf.
|