author: Matthew Luckam <mcl209@vt.edu> 2024-01-17 17:24:40 -0500
committer: Dmitry V. Levin <ldv@strace.io> 2024-08-13 08:00:00 +0000
commit: 83c344ee5a5eb4796e435bce897b83cae3465243 (patch)
tree: 24f94f2f77b1ad68e3a66d87ae01bf9c5f33fcb9 /modules/pam_access/access.conf.5.xml
parent: 10071e284ea4a496ab97b56d477e23cf09d972ec (diff)
pam_access: support UID and GID in access.conf

Extend access.conf(5) syntax to support UID and GID in addition to
user and group names.

Co-authored-by: blueskycs2c <lili.ding@cs2c.com>
Signed-off-by: Dmitry V. Levin <ldv@strace.io>
Resolves: https://github.com/linux-pam/linux-pam/issues/114
Resolves: https://github.com/linux-pam/linux-pam/pull/186
Resolves: https://github.com/linux-pam/linux-pam/pull/601

Diffstat (limited to 'modules/pam_access/access.conf.5.xml')
-rw-r--r-- modules/pam_access/access.conf.5.xml | 10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index 2dc5d477..35a1a8fe 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -63,10 +63,10 @@
<para>
The second field, the
<replaceable>users</replaceable>/<replaceable>group</replaceable>
- field, should be a list of one or more login names, group names, or
+ field, should be a list of one or more login names, group names, uid, gid, or
<emphasis>ALL</emphasis> (which always matches). To differentiate
user entries from group entries, group entries should be written
- with brackets, e.g. <emphasis>(group)</emphasis>.
+ with brackets, e.g. <emphasis>(group)</emphasis> or <emphasis>(gid)</emphasis>.
</para>
<para>
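Review bot: The added line "login names, group names, uid, gid, or" does not say how a purely numeric token is interpreted when it could also be a login or group name consisting only of digits. Because this field decides who is allowed or denied, the paragraph should state the lookup order explicitly, so an administrator can tell whether an entry such as 1003 is matched as a name or as a UID. A smaller point on the same line: "uid, gid" sits in a list of plurals and the commit subject writes "UID and GID", so "UIDs, GIDs" would read more consistently.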
@@ -176,6 +176,12 @@
<para>-:root:ALL</para>
<para>
+ A user with uid <emphasis>1003</emphasis> and a group with gid
+ <emphasis>1000</emphasis> should be allowed to get access
+ from all other sources.
+ </para>
+ <para>+:(1000) 1003:ALL</para>
+ <para>
User <emphasis>foo</emphasis> and members of netgroup
<emphasis>admins</emphasis> should be allowed to get access
from all sources. This will only work if netgroup service is available.
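Review bot: The description added above "+:(1000) 1003:ALL" says "from all other sources", but the rule's origin field is ALL, and the next example in the context describes the same origin as "from all sources"; drop "other" so the text matches the rule. In the same paragraph, "a group with gid 1000" should read "members of the group with gid 1000", in line with "members of netgroup" in the following example, since the rule grants access to the group's members. The description also names the uid first while the rule lists "(1000)" first; matching the order would make the example easier to map onto the syntax.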