summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJose Bollo <jose.bollo@iot.bzh>2019-05-24 16:49:02 +0200
committerJose Bollo <jose.bollo@iot.bzh>2019-05-24 17:06:43 +0200
commiteca5ddbb5abd00860e76e06d58d5d2f08a2806e5 (patch)
treea3e16cace22608537b5e42a0618f6d91b0e5c1a8
parent9b9d94d20206f805e08bce1638855aa45ab1b8a6 (diff)
Rework the initial definitions for agent @
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
Diffstat
-rw-r--r--cynara.initial10
1 files changed, 8 insertions, 2 deletions
diff --git a/cynara.initial b/cynara.initial
index aa58c4b..6160474 100644
--- a/cynara.initial
+++ b/cynara.initial
@@ -1,4 +1,10 @@
# initial database for cynara
-System * * * yes always
-User * * * yes always
+* * * * no always # explicit default rule: NO
+* * @ADMIN * yes always # users of group @ADMIN can do anything
+* * @NONE * no always # users of group @NONE can do nothing
+
+# root is in the group @ADMIN
+* * 0 * @:%c:%s:@ADMIN:%p always
+# Client of label System are in the group @ADMIN
+System * * * @:%c:%s:@ADMIN:%p always