1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
[roles]
# Any similarity to any user living or dead is entirely coincidental.
overlord: mas90
sidekick: spqr2
henchmen: abc12 defg1
cleaners: xyz10
zoologists: aaa11 bbb22
apache: www-data
[groups]
# A group containing "*" is considered special: everybody in every role
# defined above is a member of this wildcard group.
#
# (NB: not necessarily just people; it's inadvisable to use this group
# to provide access to any resource.)
#
# When a user is removed from this group (i.e. he/she previously occupied
# one or more roles but now does not), he/she is cancelled (see below).
# If you define a wildcard group, you must configure the "disableuser"
# and "reenableuser" scripts below.
users: *
# His mightiness the Overlord lives in the volcano lair, along with
# his trusty sidekick and henchmen.
volcano-lair: overlord sidekick henchmen
# He is aided by some contractors
contractors: cleaners zoologists
# The shark tank should be accessible by all resident lair staff plus
# the zoologists who advise about the shark
sharktank: volcano-lair zoologists
[config]
# Grouptree needs to be taught how to perform various actions.
# You may need to write some of these scripts yourself.
adduser: adduser %user%
addgroup: addgroup %group%
addtogroup: addtogroup %user% %group%
removefromgroup: deluser %user% %group%
# If a user is removed from a wildcard group, he/she is cancelled.
# If a user who already exists is added to the wildcard group, he/she
# is reenabled.
#
# You only need to configure this if you have a wildcard group.
disableuser: canceluser %user%
reenableuser: uncanceluser %user%
|