path: root/doc
authorSergey Poznyakoff <>2016-03-05 13:14:24 (GMT)
committer Sergey Poznyakoff <>2016-03-05 13:22:55 (GMT)
commitad5bd6e401657b9cb0fed04d15cdc6feeef91e15 (patch) (side-by-side diff)
tree59838ad72680ba73145708c7a30a765ec2afdba0 /doc
parente558ab9db422cfd2bd59a07b72119b67a7598896 (diff)
ACL reference statements.
All ACL keywords can be used in simple statement as well as in block form. As simple statements, they take a name of an already defined named ACL. E.g.: defacl forbid { deny any; } component foo { list-acl forbid; } This commit also fixes some eventual double-frees. * doc/pies.texi: Update. * src/acl.c (pies_acl)<refcnt>: New member. (pies_acl_use): New function. (pies_acl_create): Initialize refcnt. (pies_acl_destroy): New function. (pies_acl_free): Rewrite as a wrapper over pies_acl_destroy. (_parse_sub_acl): Call pies_acl_use when installing a named ACL. (_acl_common_section_parser): Handle grecs_callback_set_value. * src/acl.h (pies_acl_destroy) (pies_acl_use): New function. * src/comp.c (component_free): Free acl.
Diffstat (limited to 'doc') (more/less context) (ignore whitespace changes)
1 files changed, 36 insertions, 10 deletions
diff --git a/doc/pies.texi b/doc/pies.texi
index 8e25e76..ae4a56a 100644
--- a/doc/pies.texi
+++ b/doc/pies.texi
@@ -862,16 +862,6 @@ process instead.
@end table
@end deffn
-@deffn {Config: component} user-acl @{ @dots{} @}
-ACL controlling read-only access to this component.
-@FIXME-pxref{Access to Components}.
-@end deffn
-@deffn {Config: component} admin-acl @{ @dots{} @}
-ACL controlling administrative (write) access to this component.
-@FIXME-pxref{Access to Components}.
-@end deffn
The following subsections describe the rest of @samp{component}
@@ -884,6 +874,7 @@ substatements.
* Output Redirectors::
* Inetd-Style Components::
* Meta1-Style Components::
+* Visibility::
* Component Syntax Summary::
@end menu
@@ -1603,6 +1594,34 @@ This socket file is supposed to be created by the component binary
upon its startup.
@end deffn
+@node Visibility
+@subsection Component Visibility ACLs
+ Pies control interface allows certain users to list and modify
+components of a running @command{pies} instance. Two access control
+lists define who can list and modify the particular component.
+@deffn {Config: component} list-acl @var{name}
+@deffnx {Config: component} list-acl @{ @dots{} @}
+This list controls who can get listing of this component
+(@FIXME-pxref{component listing}).
+In the first form, @var{name} refers to the name of an already defined
+global ACL (@pxref{defacl}).
+The second form defines new unnamed ACL. The syntax is described in
+detail in @ref{ACL}.
+@end deffn
+@deffn {Config: component} admin-acl @var{name}
+@deffnx {Config: component} admin-acl @{ @dots{} @}
+This list controls who can stop, restart or otherwise modify this
+component (@FIXME-pxref{component management}).
+As above, two forms are available: the first one for using an already
+defined named ACL, and the second one, for defining a new ACL in place.
+@end deffn
@node Component Syntax Summary
@subsection Component Syntax Summary
This subsection summarizes the @code{component} statements. For each
@@ -1687,14 +1706,20 @@ component @var{tag} @{
# @r{ACL for administrative access to this component.}
# @FIXME-xref{Access to Components}.
+ admin-acl @var{name};
+ # @r{or:}
admin-acl @{ @dots{} @}
# @r{ACL for read-only access to this component.}
# @FIXME-xref{Access to Components}.
+ list-acl @var{name};
+ # @r{or:}
list-acl @{ @dots{} @}
# @r{ACL for this component.}
# @xref{ACL}.
+ acl @var{name};
+ # @r{or:}
acl @{ @dots{} @}
# @r{Override default syslog facility for this component.}
@@ -1925,6 +1950,7 @@ acl @{
component @acronym{ACL} is consulted. As a result, access is
granted only if both lists allow it.
A @dfn{named @acronym{ACL}} is an access control list which is
assigned its own name. Named @acronym{ACL}s are defined using
the @samp{defacl} statement:

Return to:

Send suggestions and report system problems to the System administrator.