author | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-10-15 16:21:32 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-10-15 16:21:32 +0300 |
commit | b713e2208519e7cba1c779cbd9387137eb101e5e (patch) | |
tree | c1245c09d9cffa5d74ec8961ed0ffd820f0bd23e /doc/usr-acl.texi | |
parent | 9dbe6b40d07df41255f0c8fda6895000b7c7e1a6 (diff) | |
download | pies-b713e2208519e7cba1c779cbd9387137eb101e5e.tar.gz pies-b713e2208519e7cba1c779cbd9387137eb101e5e.tar.bz2 |
Various fixes.
* README: Fix typo.
* doc/usr-acl.texi: New file.
* doc/Makefile.am (pies_TEXINFOS): Remove pies.texi,
add usr-acl.texi
(check-config, check-sub-config): Handle @deffnx
* doc/pies.texi: Update.
* src/Makefile.am (AM_CPPFLAGS): Remove superfluous defs,
use ../gnu/configmake.h instead
* src/acl.c (_acl_common_section_parser): Handle tag, depending
on the value of `flag' parameter.
Avoid coredumping on NULL pacl.
(acl_section_parser, defacl_section_parser): Update calls to
_acl_common_section_parser.
* src/pies.c (STATEDIR): Replace with LOCALSTATEDIR.
(GRECS_VALUE_IS_EMPTY): New define (possibly belongs to
grecs more than to pies).
(assert_grecs_value_type)
(return_code_section_parser): Use GRECS_VALUE_IS_EMPTY to check
for empty value.
(_get_array_arg): Bugfix.
(component_keywords, pies_keywords): Add missing docstrings.
* src/progman.c (TYPE_RETR): Rename to TYPE_REDIRECTOR.
All uses updated.
Diffstat (limited to 'doc/usr-acl.texi')
-rw-r--r-- | doc/usr-acl.texi | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/usr-acl.texi b/doc/usr-acl.texi new file mode 100644 index 0000000..1fd69f5 --- /dev/null +++ b/doc/usr-acl.texi @@ -0,0 +1,48 @@ +@c This is part of the Pies manual. +@c Copyright (C) 2009 Sergey Poznyakoff +@c This file is distributed under GFDL 1.1 or any later version +@c published by the Free Software Foundation. + + This appendix describes the @samp{user-group} extension for +@command{Pies} @acronym{ACL}s. This extension is reserved for +the future use. + +The @var{user-group} @acronym{ACL} statement specifies which +users match this entry. Allowed values are the following: + +@table @code +@kwindex all +@item all +All users. + +@kwindex authenticated +@item authenticated +Only authenticated users. + +@kwindex group +@item group @var{group-list} +Authenticated users which are members of at least one of groups listed in +@var{group-list}. +@end table + +For example, the following statement defines an @acronym{ACL} +which allows access for any user connected via local @acronym{UNIX} +socket @file{/tmp/dicod.sock} or coming from a local network +@samp{192.168.10.0/24}. Any authenticated users are allowed, provided +that they are allowed by another @acronym{ACL} @samp{my-nets} (which +should have been defined before this definition). Users coming from +the network @samp{10.10.0.0/24} are allowed if they authenticate +themselves and are members of groups @samp{pies} or @samp{users}. +Access is denied for anybody else: + +@smallexample +@group +acl @{ + allow all from ("/tmp/pies.sock", "192.168.10.0/24"); + allow authenticated acl "my-nets"; + allow group ("pies", "users") from "10.10.0.0/24"; + deny all; +@} +@end group +@end smallexample + |
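Review bot: The description and the example name different sockets. The paragraph beginning "For example, the following statement defines an @acronym{ACL}" says access is allowed via the local UNIX socket @file{/tmp/dicod.sock}, but the @smallexample block reads allow all from ("/tmp/pies.sock", "192.168.10.0/24");. Readers will copy an access-control example as written, so the prose should name /tmp/pies.sock to match the rule it explains. The same paragraph describes the second rule as "Any authenticated users are allowed, provided that they are allowed by another ACL my-nets"; stating explicitly that both conditions must hold for allow authenticated acl "my-nets"; to match would avoid it being read as allowing every authenticated user. A minor wording point in the opening paragraph: "reserved for the future use" should be "reserved for future use".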