home *** CD-ROM | disk | FTP | other *** search
- # ----------------------------------------------------------------------
- # NIS map = permissions
- # groked by: login, in.rshd, permtest, in.ftpd
- # rsh and ftp generate tty field values of 'rsh' and 'ftp'
- #
- # SYNTAX:
- # entry : hostname '\t' permlist
- # permlist : permission `|` permlist
- # | permission
- # | null
- # permission : ttylist ':' authlist
- # | '$' entry -> #include an entry
- # ttylist : tty ',' ttylist
- # | tty -> tty regexp
- # | null
- # authlist : auth ',' authlist
- # | auth
- # auth : + spec -> add
- # : - spec -> delete
- # | null
- # spec : user -> username to change
- # | '.' group -> group regexp to change
- #
- # NOTES:
- # Watch how we deny anonomous ftp on every machine with the $admin
- # macro, then allow it on fsa again. fsa is our admin only machine, and
- # does not actually run the ftpd included, but rather a logging ftpd.
- #
- # Two example users will explain the groups
- # aycock is in groups: c510/L01, c461/L01, and c401/L01. (His account is
- # actually in /home/c510/L01/aycock)
- # deraadt is in groups: staff wheel daemonkmem bin telnet cdrom
- #
- # The macros at the top are very important. They groups machines into sets
- # making their management easier.
- #
- # In some places you will see references to tty's. These are our fast modem
- # racks. We restrict certain groups to using them. Others can go through the
- # slower campus terminal servers.
- # ----------------------------------------------------------------------
-
- # macros
- admin *:+.utils,+.staff,+.wheel,+operator | ftp:-ftp
- grad_ws $admin | *:+.grads,+.profs,+.research,+.summer,+.gl,+.vlsi,+.srdg,+.c502/L01,+.c599/L01,+.c651/L01
- prof_ws $admin | *:+.profs,+.research,+.srdg,+.offstaff
- vlsi_ws $admin | *:+.vlsi,+graham,+olthof,+jevans,+milligan
- off_ws $admin | *:+.offstaff,+.profs
- ug_ws $admin | $grad_ws | *:+.c[456]*
-
- # admin machines
- fsa $admin | ttyb,ttyh?:-.*,+.staff,+.uucp | *:+frangos,+elsie | ftp:+ftp
- aa $admin
- rat $admin | *:+aycock
- sev $admin
- atlas $admin | *:+test,-jamesm
- dudes $admin
- glags $admin
-
- # profs machines
- fsc $admin | *:+.grads,+.profs,+.research,+.srdg,+.vlsi,+.offstaff,+.c491/L01,+.banff,+.visitors | ttyj[0-6]:-.*,+.staff,+.profs,+.offstaff,+gl
- interval $prof_ws
- ca $prof_ws
- cb $prof_ws
- cc $prof_ws | *:+.gl
- cd $prof_ws | *:+.grads,+.research,+.srdg,+.vlsi,+joan
- ce $prof_ws
- cf $prof_ws
- cg $prof_ws
- ch $prof_ws
- ic $prof_ws
- golf $prof_ws
- albert $prof_ws
-
- # grads machines
- fsd $admin | *:+.grads,+.profs,+.research,+.summer,+.vlsi,+gl,+.srdg,+.c502/L01,+.c599/L01,+.banff,+.arc,+conway | ttyh[0-6]:-.*,+.staff,+.profs,+.grads,+.vlsi,+.offstaff,+.research
- ab $grad_ws | *:+publisher
- da $grad_ws
- db $grad_ws
- dc $grad_ws | *:+joan
- dd $grad_ws
- de $grad_ws
- df $grad_ws
- dg $grad_ws
- dh $grad_ws
- di $grad_ws
- dj $grad_ws
- dk $grad_ws
- ij $grad_ws
-
- # vlsi machines
- fsg $vlsi_ws
- ga $vlsi_ws
- gb $vlsi_ws
- gc $vlsi_ws
- gd $vlsi_ws
- ge $vlsi_ws
- gf $vlsi_ws
- gg $vlsi_ws
- gh $vlsi_ws
-
- # office staff machines
- ia $off_ws
- ih $off_ws
-
- # undergraduate workstations
- ea $ug_ws
- eb $ug_ws
- ec $ug_ws
- ed $ug_ws
- ee $ug_ws
- ef $ug_ws
- eg $ug_ws
- eh $ug_ws
- ei $ug_ws
- ej $ug_ws
- ha $ug_ws
- hb $ug_ws
- hc $ug_ws
- hd $ug_ws
- he $ug_ws
- hf $ug_ws
- hg $ug_ws
- hh $ug_ws
- hi $ug_ws
- ib $ug_ws
- id $ug_ws
- ie $ug_ws
- if $ug_ws
-
- # graphicsland fileserver
- gfx $admin | *:+.gl,+thorne
-
- # myths. these machines do not run the right login yet.
- bfly $grad_ws
- irisa $admin | *:+.gl,+.c55[13]*
- irisb $admin | *:+.gl,+.c55[13]*
- irisc $admin | *:+.gl
- irisd $admin | *:+.gl
- irise $admin | *:+.gl
- irisf $admin | *:+.gl,+.c55[13]*
-
- # remaining machines. Anyone may use an undergrad machine.
- # be careful - the $admin is at the end to turn off anon ftp
- * *:+.*,-.uucp | $admin
-
- # PRINTERS
- # Our printer permissions are done through permissions as well. Sorry,
- # this distribution of permissions does not include our lpr hacks.
- # I left this in here simply as an example.
-
- lp1 *:+.*,-.nlp
- lp2 *:+.*,-.nlp
-
- cs1 $admin | *:+.grads,+.research,+.profs,+.offstaff,+.srdg,+.submit | *:+.cs1,-.ncs1
- cs2 $admin | *:+.grads,+.research,+.profs,+.offstaff,+.srdg,+.vlsi | *:+.cs2,-.ncs2
-
- alw1 $admin | *:+.profs,+.offstaff,+.grads | *:+.alw1,-.nalw1
- alw2 $admin | *:+.profs,+.offstaff,+.vlsi | *:+.alw2,-.nalw2
- alw3 $admin | *:+.grads,+.research,+.profs,+.srdg,+.vlsi | *:+.alw3,-.nalw3
- alw4 $admin | *:+.grads,+.research,+.profs,+.offstaff,+.srdg,+.vlsi | *:+.alw4,-.nalw4
-
- bp $admin | *:+.bp,-.nbp
- ip $admin | *:+.grads,+.research,+.profs,+.srdg,+.c481* | *:+.ip,-.nip
-
