Diffstat (limited to 'doc/usr-acl.texi')
-rw-r--r-- | doc/usr-acl.texi | 48 |
1 files changed, 48 insertions, 0 deletions
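diff --git a/doc/usr-acl.texi b/doc/usr-acl.texi
new file mode 100644
index 0000000..1fd69f5
--- /dev/null
+++ b/doc/usr-acl.texi
@@ -0,0 +1,48 @@
+@c This is part of the Pies manual.
+@c Copyright (C) 2009 Sergey Poznyakoff
+@c This file is distributed under GFDL 1.1 or any later version
+@c published by the Free Software Foundation.
+
+This appendix describes the @samp{user-group} extension for
+@command{Pies} @acronym{ACL}s. This extension is reserved for
+the future use.
+
+The @var{user-group} @acronym{ACL} statement specifies which
+users match this entry. Allowed values are the following:
+
+@table @code
+@kwindex all
+@item all
+All users.
+
+@kwindex authenticated
+@item authenticated
+Only authenticated users.
+
+@kwindex group
+@item group @var{group-list}
+Authenticated users which are members of at least one of groups listed in
+@var{group-list}.
+@end table
+
+For example, the following statement defines an @acronym{ACL}
+which allows access for any user connected via local @acronym{UNIX}
+socket @file{/tmp/dicod.sock} or coming from a local network
+@samp{192.168.10.0/24}. Any authenticated users are allowed, provided
+that they are allowed by another @acronym{ACL} @samp{my-nets} (which
+should have been defined before this definition). Users coming from
+the network @samp{10.10.0.0/24} are allowed if they authenticate
+themselves and are members of groups @samp{pies} or @samp{users}.
+Access is denied for anybody else:
+
+@smallexample
+@group
+acl @{
+allow all from ("/tmp/pies.sock", "192.168.10.0/24");
+allow authenticated acl "my-nets";
+allow group ("pies", "users") from "10.10.0.0/24";
+deny all;
+@}
+@end group
+@end smallexample
+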