aboutsummaryrefslogtreecommitdiff
path: root/doc/usr-acl.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/usr-acl.texi')
-rw-r--r--doc/usr-acl.texi48
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/usr-acl.texi b/doc/usr-acl.texi
new file mode 100644
index 0000000..1fd69f5
--- /dev/null
+++ b/doc/usr-acl.texi
@@ -0,0 +1,48 @@
1@c This is part of the Pies manual.
2@c Copyright (C) 2009 Sergey Poznyakoff
3@c This file is distributed under GFDL 1.1 or any later version
4@c published by the Free Software Foundation.
5
6 This appendix describes the @samp{user-group} extension for
7@command{Pies} @acronym{ACL}s. This extension is reserved for
8the future use.
9
10The @var{user-group} @acronym{ACL} statement specifies which
11users match this entry. Allowed values are the following:
12
13@table @code
14@kwindex all
15@item all
16All users.
17
18@kwindex authenticated
19@item authenticated
20Only authenticated users.
21
22@kwindex group
23@item group @var{group-list}
24Authenticated users which are members of at least one of groups listed in
25@var{group-list}.
26@end table
27
28For example, the following statement defines an @acronym{ACL}
29which allows access for any user connected via local @acronym{UNIX}
30socket @file{/tmp/dicod.sock} or coming from a local network
31@samp{192.168.10.0/24}. Any authenticated users are allowed, provided
32that they are allowed by another @acronym{ACL} @samp{my-nets} (which
33should have been defined before this definition). Users coming from
34the network @samp{10.10.0.0/24} are allowed if they authenticate
35themselves and are members of groups @samp{pies} or @samp{users}.
36Access is denied for anybody else:
37
38@smallexample
39@group
40acl @{
41 allow all from ("/tmp/pies.sock", "192.168.10.0/24");
42 allow authenticated acl "my-nets";
43 allow group ("pies", "users") from "10.10.0.0/24";
44 deny all;
45@}
46@end group
47@end smallexample
48

Return to:

Send suggestions and report system problems to the System administrator.