# This is the default set of devices people logged in on the desktop get
# access to:
class desktop
#
# Standard multimedia devices
add /dev/audio		desktop
add /dev/mixer		desktop
add /dev/dsp		desktop
add /dev/sequencer	desktop
add /dev/video		desktop
#
# Modem device
add /dev/modem         desktop
#
# CD-ROMs - giving permission to open the corresponding SCSI
# device is highly useful for CD writers such as cdrecord.
add /dev/cdrom		desktop scsi paride
add /dev/cdrom1		desktop scsi paride
add /dev/cdrecorder	desktop scsi
add /dev/dvd		desktop scsi paride
add /dev/dvd1		desktop scsi paride
add /dev/sr0		desktop scsi
add /dev/sr1		desktop scsi
add /dev/sr2		desktop scsi
add /dev/sr3		desktop scsi
#
# Dito for SCSI scanners, which all use /dev/scanner symlink.
add /dev/scanner	desktop scsi
#
# And USB scanners.
add /dev/usbscanner    desktop
add /dev/usb/scanner   desktop
add /dev/usb/scanner0  desktop
add /dev/usb/scanner1  desktop
add /dev/usb/scanner2  desktop
add /dev/usb/scanner3  desktop
add /dev/usb/scanner4  desktop
add /dev/usb/scanner5  desktop
add /dev/usb/scanner6  desktop
add /dev/usb/scanner7  desktop
#
# make /dev/console accessible read-only
add /dev/console   desktop read-only

#
# This rule grants access to users logged in locally
#
allow desktop          tty=/dev/tty[1-9]* || tty=tty[1-9]* || tty=:0

# For serial gphoto cameras.
# add /dev/ttyS0 desktop
# add /dev/ttyS1 desktop
#
# Sample rules, do not enable by default:
#
# This rule denies access to users uucp and news
#
# deny  desktop		user=uucp || user=news
#
# This rule gives access to all members of group wheel
#
# allow	desktop		group=wheel
# 
# To make resmgr work with ssh, for instance, add the following
# line to /etc/pam.d/ssh:
# 	session    optional   pam_resmgr.so fake_ttyname
# When a user logs in, a resmgr session will be opened, and
# access will be granted automaticially to all resource classes
# matched via access control statements in resmgr.conf.