Parses /etc/security/access.conf
Author: Lorenzo Dalrio lorenzo.dalrio@gmail.com
| Item | Description |
| --- | --- |
| Access | Parses /etc/security/access.conf |
| Reference | Some examples of valid entries can be found in access.conf or "man access.conf" |
| License | This file is licensed under the LGPL v2+, like the rest of Augeas. |
| Lens Usage | Sample usage of this lens in augtool |
| Configuration files | This lens applies to /etc/security/access.conf. |
| Examples | The Test_Access file contains various examples and tests. |
| Comments and empty lines | |
| comment | |
| empty | |
| Useful primitives | |
| colon | The standard field separator " : " |
| ENTRY LINE | |
| access | Allow (+) or deny (-) access |
| identifier_re | Regex for user/group identifiers |
| user_re | Regex for user/netgroup fields |
| user | A user can be a username, username@hostname or a group |
| group | Format is (GROUP) |
| netgroup | Format is @NETGROUP[@@NISDOMAIN] |
| user_list | A list of users or netgroups to apply the rule to |
| origin_list | origin_list can be a single ipaddr/originname/domain/fqdn or a list of those values |
| except | The except operator makes it possible to write very compact rules. |
| entry | A valid entry line |
| LENS & FILTER | |
| lns | The access.conf lens: any amount of comment, empty, or entry lines |
| filter | Applies the lens to /etc/security/access.conf |
This lens applies to /etc/security/access.conf. See filter.
The Test_Access file contains various examples and tests.
let comment = Util.comment
let empty = Util.empty
The standard field separator " : "
let colon = del (Rx.opt_space . ":" . Rx.opt_space) " : "
Allow (+) or deny (-) access
let access = label "access" . store /[+-]/
Regex for user/group identifiers
let identifier_re = /[A-Za-z0-9_.\\-]+/
Regex for user/netgroup fields
let user_re = identifier_re - /[Ee][Xx][Cc][Ee][Pp][Tt]/
A user can be a username, username@hostname or a group
let user = [ label "user" . ( store user_re | store Rx.word . Util.del_str "@" . [ label "host" . store Rx.word ] ) ]
Format is (GROUP)
let group = [ label "group" . Util.del_str "(" . store identifier_re . Util.del_str ")" ]
Format is @NETGROUP[@@NISDOMAIN]
let netgroup = [ label "netgroup" . Util.del_str "@" . store user_re . [ label "nisdomain" . Util.del_str "@@" . store Rx.word ]? ]
A list of users or netgroups to apply the rule to
let user_list = Build.opt_list (user|group|netgroup) Sep.space
origin_list can be a single ipaddr/originname/domain/fqdn or a list of those values
let origin_list = let origin_re = Rx.no_spaces - /[Ee][Xx][Cc][Ee][Pp][Tt]/ in Build.opt_list [ label "origin" . store origin_re ] Sep.space
The except operator makes it possible to write very compact rules.
let except (lns:lens) = [ label "except" . Sep.space . del /[Ee][Xx][Cc][Ee][Pp][Tt]/ "EXCEPT" . Sep.space . lns ]
A valid entry line
let entry = [ access . colon . user_list . (except user_list)? . colon . origin_list . (except origin_list)? . Util.eol ]
The access.conf lens: any amount of comment, empty, or entry lines
let lns = (comment|empty|entry) *
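The lens definitions above describe the grammar of an entry line (access, colon, user list with an optional EXCEPT clause, colon, origin list with an optional EXCEPT clause) but give no worked view of the tree they produce. The following Python parser is an added example, not Augeas code and not part of this lens: it implements the same grammar with plain regexes, using the lens labels (access, user, host, group, netgroup, nisdomain, origin, except) as dictionary keys so each definition can be read against concrete lines. The sample file content is constructed for this example, and the final check encodes the pam_access behaviour that access is granted when no rule matches, so a hardened file conventionally ends with a catch-all deny rule.

```python
"""Reference parser for /etc/security/access.conf entry lines.

Added example mirroring the Augeas Access lens grammar; not the lens itself.
Tree shape per entry (keys follow the lens labels):
  {"access": "+"|"-", "users": [...], "except_users": [...],
   "origins": [...], "except_origins": [...]}
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed access.conf sample
+ : root : LOCAL

+ : @admins@@corp.example : ALL
- : ALL EXCEPT (wheel) root@console : ALL EXCEPT .example.com 10.0.0.0/8
- : ALL : ALL
"""

# Counterparts of identifier_re, Rx.word and the case-insensitive EXCEPT keyword.
IDENT_RE = re.compile(r"[A-Za-z0-9_.\-]+")
WORD_RE = re.compile(r"[A-Za-z0-9_.-]+")
EXCEPT_RE = re.compile(r"except", re.IGNORECASE)


def _ident(tok: str, what: str) -> str:
    """Accept an identifier that is not the EXCEPT keyword (user_re in the lens)."""
    if EXCEPT_RE.fullmatch(tok) or not IDENT_RE.fullmatch(tok):
        raise ValueError(f"invalid {what} {tok!r}")
    return tok


def parse_user(tok: str) -> Dict[str, str]:
    """Classify one user-list token: (group), @netgroup[@@nisdomain], user@host or user."""
    if tok.startswith("(") and tok.endswith(")"):
        return {"group": _ident(tok[1:-1], "group")}
    if tok.startswith("@"):
        name, sep, nis = tok[1:].partition("@@")
        node = {"netgroup": _ident(name, "netgroup")}
        if sep:  # optional NIS domain after "@@"
            if not WORD_RE.fullmatch(nis):
                raise ValueError(f"invalid nisdomain {nis!r}")
            node["nisdomain"] = nis
        return node
    if "@" in tok:
        user, host = tok.split("@", 1)
        if not (WORD_RE.fullmatch(user) and WORD_RE.fullmatch(host)):
            raise ValueError(f"invalid user@host {tok!r}")
        return {"user": user, "host": host}
    return {"user": _ident(tok, "user")}


def split_except(tokens: List[str]) -> Tuple[List[str], List[str]]:
    """Split a whitespace-separated field at EXCEPT, as `except` does in the lens."""
    if not tokens:
        raise ValueError("empty field")
    for i, tok in enumerate(tokens):
        if EXCEPT_RE.fullmatch(tok):
            head, tail = tokens[:i], tokens[i + 1:]
            if not head or not tail or any(EXCEPT_RE.fullmatch(t) for t in tail):
                raise ValueError("EXCEPT needs items on both sides and may appear once")
            return head, tail
    return tokens, []


def parse_entry(line: str) -> Dict[str, object]:
    """Parse: access : user_list [EXCEPT user_list] : origin_list [EXCEPT origin_list]."""
    # Origins may themselves contain ':' (IPv6 addresses), so split at most twice;
    # this is unambiguous because user_re/identifier_re never contain ':'.
    parts = line.split(":", 2)
    if len(parts) != 3:
        raise ValueError(f"expected three colon-separated fields: {line!r}")
    access, users, origins = (p.strip() for p in parts)
    if access not in ("+", "-"):
        raise ValueError(f"access must be + or -: {access!r}")
    user_toks, user_exc = split_except(users.split())
    origin_toks, origin_exc = split_except(origins.split())
    return {
        "access": access,
        "users": [parse_user(t) for t in user_toks],
        "except_users": [parse_user(t) for t in user_exc],
        "origins": origin_toks,          # origin_re: anything without spaces
        "except_origins": origin_exc,
    }


def parse_access_conf(text: str) -> List[Dict[str, object]]:
    """Parse a whole file; comment and empty lines are skipped like (comment|empty|entry)*."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entries.append(parse_entry(line))
    return entries


def ends_with_deny_all(entries: List[Dict[str, object]]) -> bool:
    """pam_access grants access when no rule matches; check for a final '- : ALL : ALL'."""
    if not entries:
        return False
    last = entries[-1]
    return (last["access"] == "-" and last["users"] == [{"user": "ALL"}]
            and not last["except_users"] and last["origins"] == ["ALL"]
            and not last["except_origins"])


if __name__ == "__main__":
    parsed = parse_access_conf(SAMPLE)
    for entry in parsed:
        print(entry)
    print("default deny at end of file:", ends_with_deny_all(parsed))
```

Running the module prints one dictionary per entry; the third sample line shows both EXCEPT clauses populated, which is exactly the case the lens covers with `(except user_list)?` and `(except origin_list)?`.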