Name
resmgr.conf — main config file for resmgr
Synopsis
/etc/resmgr.conf,
    
/etc/resmgr.conf.d
Description
      The file 
/etc/resmgr.conf defines the
      resource classes for the resource manager resmgrd. The
      minimal configuration is to define a single resource
      class and manage everything else dynamically. You may also
      define devices and access control lists in this configuration
      file though.
    
      Additionally all files with suffix 
.conf      in the directory 
/etc/resmgr.conf.d/ are
      read in alphabetical order. This mechanism is intended for
      packages that want to define additional ressource classes or
      access control rules. The recommended name for files placed in
      that directory is
      
	
NUMBER-PACKAGENAME.conf
      
      where 
NUMBER is a number between
      zero and 99.
    
       Everything starting from a hash mark unto the end of the line is a com-
       ment, and is ignored.
    
      The configuration file can contain the following commands:
      
	    
class	    
NAME	  
	      Defines a resource class named
	      
NAME	    
	      Class names must be
	      unique. Class names may only consist of upper or lower
	      ASCII characters, underscores, dashes, colons and
	      periods.
	    
	    
class	    
NAME	    
includes	    
CHILDREN...	  
	      Defines that granting access to class
	      
NAME also grants access to
	      
CHILDREN classes.
	    
	    
add	    
device	    
class	    [
	      
flags	    
]
	  
	      add the specified device to the resource class
	      class. Optionally, one or more flags can be specified.
	    
	      The read-only flag marks the device read-only.
	      Attempts to open the device for writing will be
	      refused.
	    
	      The scsi flag allows clients to ask for the
	      corresponding raw SCSI device instead of the device
	      itself. This is useful for applications such as
	      CD writers or scanners that need to find and open the
	      raw SCSI device corresponding to e.g. /dev/cdrom.
	    
	      The nofacl flag prevents resmgr from installing file
	      system ACLs for the device. Note that ACLs are only
	      installed for devices of the file family.
	    
	    
exclude	    
device	    
class	    [
	      
flags	    
]
	  
	      Explicitely deny access to
	      
device. Exclude statements
	      are useful for example before a statement that adds
	      
usb:any	    
	    
allow	    
class	    
acl...	  
	      Grants all users matched by the ACL statement access
	      to resource class class. Any subsequent access control
	      statements for this class will be ignored.
	    
	    
deny	    
class	    
acl...	  
	      Denies all users matched by the ACL statement access
	      to resource class class. Any subsequent access control
	      statements for this class will be ignored.
	    
    
ACL Format
      ACLs  attached to a resource class is made up  of  one  or  more  match
      clauses of the format name=value, where name can be one of user, group,
      tty, rhost or service.  value can be a literal value or a
      glob  expression,  such  as meissner  (a user name),
      /dev/tty[0-9]*, or :* (for matching all logins on a local X
      display).
    
      These match clauses can be combined using the standard  boolean  opera-
      tors   &&,   ||,  and  !.   Note  that  !name=value  is  equivalent  to
      name!=value.
    
      Sub-expressions can be grouped by putting them in brackets.
    
      Usually, an ACL will contain just a single user or group name, but  you
      can  specify several, forming an AND clause. When a name is preceded by
      an exclamation mark, the match result is negated.
    
      For example, the following statements for the  resource  class  desktop
      will  deny  access to users uucp and news, but grant access to everyone
      in group wheel, and everyone else as long as they're logged in  at  the
      console or a local X11 session:
      
deny  desktop user=uucp || user=news
allow desktop group=wheel
allow desktop tty=/dev/tty[0-9]* || tty=:0
  
Device Families
      resmgr supports special handling of some type of devices. For
      this purpose device families were introduced. When adding a
      device to resmgr the family name has to be prepended to the
      device path, separated by a colon.
    
      The family can be omitted for device name that start with a
      slash. Resmgr will treat them as file unless they are opened
      as another family and file flags allow that. For example you
      may use 
resmgr add /dev/sr0 scsi to add a
      device and later open either 
file:/dev/sr0      or 
scsi:/dev/sr0    
file	    regular files, character and block devices. Normally
	    device nodes in 
/dev	  
	    resmgr accepts the following syntax:
	    
file:PATH	  
usb	    usb devices are normally not accessed via device files
	    but via the 
/proc/bus/usb	    filesystem.
	    
	  
	    resmgr accepts any of the following syntax:
	    
usb:/proc/bus/usb/BUSNR/DEVNR
usb:key1=value1,key2=value2,...
usb:BUSNR,DEVNR
usb:BUSNR,DEVNR:/proc/bus/usb/BUSNR/DEVNR
	    
key can be any of
	    
bus,
	    
dev,
	    
class,
	    
subclass,
	    
vendor or
	    
product	  
scsi	    for SCSI devices applications often want to open the
	    SCSI-generic device instead of the disk device, e.g.
	    
sg1	    instead of 
sr0. Since the numbering
	    of both kind of devices is not related the scsi family
	    was introduced to automatically determine with devices
	    belong to together. So if you want to allow CD burning
	    on your recorder with the device
	    
/dev/sr0 you would tell resmgr to
	    open 
scsi:/dev/sr0 
	  
	    resmgr accepts any of the following syntax:
	    
scsi:/dev/NAME
scsi:BUS.TARGET.LUN
scsi:TARGET.LUN
scsi:BUS.TARGET.LUN:/dev/NAME
scsi:TARGET.LUN:/dev/NAME
	  
paride	    PARIDE devices work similar to SCSI ones.
	  
	    resmgr accepts any of the following syntax:
	    
paride:/dev/NAME
paride:MINOR
paride:MINOR:/dev/NAME
	  
socket	    the socket family deals with 
AF_LOCAL	    sockets.
	  
	    resmgr accepts any of the following syntax:
	    
socket:PATH;dgram
socket:PATH;stream
	  
See Also
      
resmgrd(8)      
resmgr(1)    
