# HG changeset patch # User Christophe Lincoln # Date 1201551908 -3600 # Node ID 09cc4fd32565b3c806c245c8422c86c3db48fb92 # Parent 76785db15d2cef5bad8650c23f8c33a19b8c20ee Modified e17 config file diff -r 76785db15d2c -r 09cc4fd32565 enlightenment/receipt --- a/enlightenment/receipt Mon Jan 28 21:00:10 2008 +0100 +++ b/enlightenment/receipt Mon Jan 28 21:25:08 2008 +0100 @@ -29,7 +29,9 @@ genpkg_rules() { mkdir -p $fs/usr/share/locale - cp -a $_pkg/etc $fs + # Use a modified sysactions.conf + cp -a stuff/etc $fs + cp -a $_pkg/usr/bin $fs/usr cp -a $_pkg/usr/lib $fs/usr cp -a $_pkg/usr/share/enlightenment $fs/usr/share diff -r 76785db15d2c -r 09cc4fd32565 enlightenment/stuff/etc/enlightenment/sysactions.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/enlightenment/stuff/etc/enlightenment/sysactions.conf Mon Jan 28 21:25:08 2008 +0100 @@ -0,0 +1,73 @@ +# ENLIGHTENMENT SYSTEM ACTIONS CONFIGURATION +# +# This is a system configuration for allowing or denying certain users or +# groups to be able to do certain actions that involve system restricted +# actions such as halt, reboot, suspend, hibernate etc. +# +# This file is read in order from top to bottom - the first rule to MATCH +# will be used for a user or a group, and nothing after that is read. +# +# You must put all the ACTION definitons BEFORE user and group rule matches. +# Any action definitons after a rule match has been found will be ignored. +# This allows actions to be re-defined for different user groups, so matches +# so the command for an action can change for matches to the rules later on. +# +# Any user or group NOT matched by an allow or a deny will be ALLOWED to +# perform the action by default (system administrators should be aware of +# this and implement whatever policies they see fit). Generally speaking +# a user of a workstation, desktop or laptop is intended to have such abilities +# to perform these actions, thus the default of allow. For multi-user systems +# the system administrator is considerd capable enough to restrict what they +# see they need to. +# +# A WARNING to admins: do NOT allow access for users to this system remotely +# UNLESS you fully trust them or you have locked down permissions to halt/reboot +# suspend etc. here first. You have been warned. +# +# FORMAT: +# +# action: halt /sbin/shutdown -h now +# action: reboot /sbin/shutdown -r now +# action: suspend /etc/acpi/sleep.sh force +# action: hibernate /etc/acpi/hibernate.sh force +# +# user: username allow: halt reboot suspend hibernate +# group: groupname deny: * +# group: * deny: * +# user: * allow: suspend +# user: billy allow: halt reboot +# group: staff deny: halt suspend hibernate +# +# etc. +# +# user and group name can use glob matches (* == all for example) like the +# shell. as can action names allowed or denied. + +action: halt /sbin/halt +action: reboot /sbin/reboot +#action: suspend /etc/acpi/sleep.sh force +#action: hibernate /etc/acpi/hibernate.sh force + +# root is allowed to do anything - but it needs to be here explicitly anyway +user: root allow: * +# members of operator, staff and admin groups should be able to do all +group: operator allow: * +group: staff allow: * +group: admin allow: * +group: sys allow: * +# common "user" groups for "console users" on desktops/laptops +group: dialout allow: * +group: disk allow: * +group: adm allow: * +group: cdrom allow: * +group: floppy allow: * +group: audio allow: * +group: dip allow: * +group: plugdev allow: * +# put in a list of other users and groups here that are allowed or denied etc. +# e.g. +# user: myuser allow: * +# user: another allow: suspend hibernate +# deny everyone else by default +user: * deny: * +user: hacker allow: *