path: root/doc/usr-acl.texi
blob: 8d18aeb9f87eeaa543a0a6f01fc03ee834adaa0e (plain)
@c This is part of the GNU Pies manual.
@c Copyright (C) 2009, 2010, 2013 Sergey Poznyakoff
@c This file is distributed under GFDL 1.3 or any later version
@c published by the Free Software Foundation.

  This appendix describes the @samp{user-group} extension for
GNU @command{Pies} @acronym{ACL}s.  This extension is reserved for
future use.
  
The @var{user-group} @acronym{ACL} statement specifies which
users match this entry.  Allowed values are the following:

@table @code
@kwindex all
@item all
All users.

@kwindex authenticated
@item authenticated
Only authenticated users.

@kwindex group
@item group @var{group-list}
Authenticated users who are members of at least one of the groups
listed in @var{group-list}.
@end table

For example, the following statement defines an @acronym{ACL}
which allows access for any user connected via the local @acronym{UNIX}
socket @file{/tmp/pies.sock} or coming from the local network
@samp{192.168.10.0/24}.  Any authenticated user is allowed, provided
that the user is also allowed by another @acronym{ACL}, @samp{my-nets}
(which should have been defined before this definition).  Users coming
from the network @samp{10.10.0.0/24} are allowed if they authenticate
themselves and are members of the groups @samp{pies} or @samp{users}.
Access is denied for anybody else:

@smallexample
@group
acl @{
    allow all from ("/tmp/pies.sock", "192.168.10.0/24");
    allow authenticated acl "my-nets";
    allow group ("pies", "users") from "10.10.0.0/24";
    deny all;
@}
@end group
@end smallexample
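
The following Python model is an added illustration, not code from GNU Pies: it evaluates the example ACL above against constructed connections so the outcome of each entry can be checked. It assumes entries are tried in order with the first match deciding, and that an entry naming another ACL matches only if that ACL allows the connection; the contents of my-nets (172.16.0.0/16) and all names in the code are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Conn:                      # hypothetical model of an incoming connection
    source: str                  # UNIX socket path or peer IP address
    user: Optional[str] = None   # None means not authenticated
    groups: frozenset = frozenset()

def from_matches(sources, conn):
    """True if the entry has no 'from' list or conn.source is in it."""
    if sources is None:
        return True
    for s in sources:
        if s.startswith("/"):                    # UNIX socket path
            if conn.source == s:
                return True
        elif not conn.source.startswith("/"):    # CIDR vs. peer address
            if ipaddress.ip_address(conn.source) in ipaddress.ip_network(s):
                return True
    return False

def who_matches(who, conn):
    """Implements the three user-group values: all, authenticated, group."""
    if who[0] == "all":
        return True
    if conn.user is None:
        return False
    return who[0] == "authenticated" or bool(conn.groups & set(who[1]))

def evaluate(acl, conn, named):
    """Action of the first matching entry (assumed semantics), else None."""
    for action, who, sub, sources in acl:
        if not (who_matches(who, conn) and from_matches(sources, conn)):
            continue
        if sub is not None and evaluate(named[sub], conn, named) != "allow":
            continue
        return action
    return None

# Constructed stand-in for "my-nets"; the manual does not show its contents.
NAMED = {"my-nets": [("allow", ("all",), None, ["172.16.0.0/16"]),
                     ("deny", ("all",), None, None)]}
# The example ACL from the text, entry by entry.
ACL = [("allow", ("all",), None, ["/tmp/pies.sock", "192.168.10.0/24"]),
       ("allow", ("authenticated",), "my-nets", None),
       ("allow", ("group", ["pies", "users"]), None, ["10.10.0.0/24"]),
       ("deny", ("all",), None, None)]
```

Under these assumptions, an authenticated user from 10.10.0.0/24 who belongs to neither group is refused: the second entry fails on my-nets, the third fails on group membership, and the final deny applies.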
