Diffstat (limited to 'doc/usr-acl.texi')
-rw-r--r-- doc/usr-acl.texi 48
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/usr-acl.texi b/doc/usr-acl.texi
new file mode 100644
index 0000000..1fd69f5
--- /dev/null
+++ b/doc/usr-acl.texi
@@ -0,0 +1,48 @@
+@c This is part of the Pies manual.
+@c Copyright (C) 2009 Sergey Poznyakoff
+@c This file is distributed under GFDL 1.1 or any later version
+@c published by the Free Software Foundation.
+
+ This appendix describes the @samp{user-group} extension for
+@command{Pies} @acronym{ACL}s. This extension is reserved for
+the future use.
+
+The @var{user-group} @acronym{ACL} statement specifies which
+users match this entry. Allowed values are the following:
+
+@table @code
+@kwindex all
+@item all
+All users.
+
+@kwindex authenticated
+@item authenticated
+Only authenticated users.
+
+@kwindex group
+@item group @var{group-list}
+Authenticated users which are members of at least one of groups listed in
+@var{group-list}.
+@end table
+
+For example, the following statement defines an @acronym{ACL}
+which allows access for any user connected via local @acronym{UNIX}
+socket @file{/tmp/dicod.sock} or coming from a local network
+@samp{192.168.10.0/24}. Any authenticated users are allowed, provided
+that they are allowed by another @acronym{ACL} @samp{my-nets} (which
+should have been defined before this definition). Users coming from
+the network @samp{10.10.0.0/24} are allowed if they authenticate
+themselves and are members of groups @samp{pies} or @samp{users}.
+Access is denied for anybody else:
+
+@smallexample
+@group
+acl @{
+ allow all from ("/tmp/pies.sock", "192.168.10.0/24");
+ allow authenticated acl "my-nets";
+ allow group ("pies", "users") from "10.10.0.0/24";
+ deny all;
+@}
+@end group
+@end smallexample
+
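Review bot: the socket path in the explanatory paragraph does not match the example it describes: the text says @file{/tmp/dicod.sock} while the @smallexample block uses "/tmp/pies.sock". For ACL documentation this matters, because a reader who follows the prose instead of the example would write a rule for a different socket than the one shown; change the prose to @file{/tmp/pies.sock} so both agree. Two smaller points in the same hunk: the statement name is marked up as @samp{user-group} in the first paragraph but as @var{user-group} in the second, and since it is a literal keyword rather than a metavariable, @samp (or @code) should be used in both places; and "reserved for the future use" should read "reserved for future use".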
