Name
resmgr.conf ??? main config file for resmgr
Synopsis
/etc/resmgr.conf
,
/etc/resmgr.conf.d
Description
The file
/etc/resmgr.conf
defines the
resource classes for the resource manager resmgrd. The
minimal configuration is to define a single resource
class and manage everything else dynamically. You may also
define devices and access control lists in this configuration
file though.
Additionally all files with suffix
.conf
in the directory
/etc/resmgr.conf.d/
are
read in alphabetical order. This mechanism is intended for
packages that want to define additional ressource classes or
access control rules. The recommended name for files placed in
that directory is
NUMBER
-
PACKAGENAME
.conf
where
NUMBER
is a number between
zero and 99.
Everything starting from a hash mark unto the end of the line is a com-
ment, and is ignored.
The configuration file can contain the following commands:
class
NAME
Defines a resource class named
NAME
Class names must be
unique. Class names may only consist of upper or lower
ASCII characters, underscores, dashes, colons and
periods.
class
NAME
includes
CHILDREN...
Defines that granting access to class
NAME
also grants access to
CHILDREN
classes.
add
device
class
[
flags
]
add the specified device to the resource class
class. Optionally, one or more flags can be specified.
The read-only flag marks the device read-only.
Attempts to open the device for writing will be
refused.
The scsi flag allows clients to ask for the
corresponding raw SCSI device instead of the device
itself. This is useful for applications such as
CD writers or scanners that need to find and open the
raw SCSI device corresponding to e.g. /dev/cdrom.
The nofacl flag prevents resmgr from installing file
system ACLs for the device. Note that ACLs are only
installed for devices of the file family.
exclude
device
class
[
flags
]
Explicitely deny access to
device
. Exclude statements
are useful for example before a statement that adds
usb:any
allow
class
acl...
Grants all users matched by the ACL statement access
to resource class class. Any subsequent access control
statements for this class will be ignored.
deny
class
acl...
Denies all users matched by the ACL statement access
to resource class class. Any subsequent access control
statements for this class will be ignored.
ACL Format
ACLs  attached to a resource class is made up  of  one  or  more  match
clauses of the format name=value, where name can be one of user, group,
tty, rhost or service.  value can be a literal value or a
glob  expression,  such  as meissner  (a user name),
/dev/tty[0-9]*, or :* (for matching all logins on a local X
display).
These match clauses can be combined using the standard  boolean  opera-
tors   &&,   ||,  and  !.   Note  that  !name=value  is  equivalent  to
name!=value.
Sub-expressions can be grouped by putting them in brackets.
Usually, an ACL will contain just a single user or group name, but  you
can  specify several, forming an AND clause. When a name is preceded by
an exclamation mark, the match result is negated.
For example, the following statements for the  resource  class  desktop
will  deny  access to users uucp and news, but grant access to everyone
in group wheel, and everyone else as long as they're logged in  at  the
console or a local X11 session:
deny  desktop user=uucp || user=news
allow desktop group=wheel
allow desktop tty=/dev/tty[0-9]* || tty=:0
Device Families
resmgr supports special handling of some type of devices. For
this purpose device families were introduced. When adding a
device to resmgr the family name has to be prepended to the
device path, separated by a colon.
The family can be omitted for device name that start with a
slash. Resmgr will treat them as file unless they are opened
as another family and file flags allow that. For example you
may use
resmgr add /dev/sr0 scsi
to add a
device and later open either
file:/dev/sr0
or
scsi:/dev/sr0
file
regular files, character and block devices. Normally
device nodes in
/dev
resmgr accepts the following syntax:
file:PATH
usb
usb devices are normally not accessed via device files
but via the
/proc/bus/usb
filesystem.
resmgr accepts any of the following syntax:
usb:/proc/bus/usb/BUSNR/DEVNR
usb:key1=value1,key2=value2,...
usb:BUSNR,DEVNR
usb:BUSNR,DEVNR:/proc/bus/usb/BUSNR/DEVNR
key
can be any of
bus
,
dev
,
class
,
subclass
,
vendor
or
product
scsi
for SCSI devices applications often want to open the
SCSI-generic device instead of the disk device, e.g.
sg1
instead of
sr0
. Since the numbering
of both kind of devices is not related the scsi family
was introduced to automatically determine with devices
belong to together. So if you want to allow CD burning
on your recorder with the device
/dev/sr0
you would tell resmgr to
open
scsi:/dev/sr0
resmgr accepts any of the following syntax:
scsi:/dev/NAME
scsi:BUS.TARGET.LUN
scsi:TARGET.LUN
scsi:BUS.TARGET.LUN:/dev/NAME
scsi:TARGET.LUN:/dev/NAME
paride
PARIDE devices work similar to SCSI ones.
resmgr accepts any of the following syntax:
paride:/dev/NAME
paride:MINOR
paride:MINOR:/dev/NAME
socket
the socket family deals with
AF_LOCAL
sockets.
resmgr accepts any of the following syntax:
socket:PATH;dgram
socket:PATH;stream
See Also
resmgrd
(8)
resmgr
(1)
