# this is an example configuration file for the pam_time module. Its syntax # was initially based heavily on that of the shadow package (shadow-960129). # # This configuration file is still used by the logoutd(8) program, so adding # valid lines here will enable that daemon. If this is the first time # editing this file, then you will probably want to start logoutd by # doing: # # /etc/init.d/logoutd start # # The syntax of the lines is as follows: # # services;ttys;users;times # # white space is ignored and lines maybe extended with '\\n' (escaped # newlines). As should be clear from reading these comments, # text following a '#' is ignored to the end of the line. # # the combination of individual users/terminals etc is a logic list # namely individual tokens that are optionally prefixed with '!' (logical # not) and separated with '&' (logical and) and '|' (logical or). # # services # is a logic list of PAM service names that the rule applies to. # Note, this field is ignored by the logoutd program in the login # package. # # ttys # is a logic list of terminal names that this rule applies to. # # users # is a logic list of users to whom this rule applies. # # NB. For these items the simple wildcard '*' may be used only once. # # times # the format here is a logic list of day/time-range # entries the days are specified by a sequence of two character # entries, MoTuSa for example is Monday Tuesday and Saturday. Note # that repeated days are unset MoMo = no day, and MoWk = all weekdays # bar Monday. The two character combinations accepted are # # Mo Tu We Th Fr Sa Su Wk Wd Al # # the last two being week-end days and all 7 days of the week # respectively. As a final example, AlFr means all days except Friday. # # each day/time-range can be prefixed with a '!' to indicate "anything # but" # # The time-range part is two 24-hour times HHMM separated by a hyphen # indicating the start and finish time (if the finish time is smaller # than the start time it is deemed to apply on the following day). # # for a rule to be active, ALL of service+ttys+users must be satisfied # by the applying process. # # # Here is a simple example: running blank on tty* (any ttyXXX device), # the users 'you' and 'me' are denied service all of the time # #blank;tty* & !ttyp*;you|me;!Al0000-2400 # Another silly example, user 'root' is denied xsh access # from pseudo terminals at the weekend and on mondays. #xsh;ttyp*;root;!WdMo0000-2400 # # End of example file. #