path: root/doc/usr-acl.texi
diff options
Diffstat (limited to 'doc/usr-acl.texi')
1 files changed, 48 insertions, 0 deletions
diff --git a/doc/usr-acl.texi b/doc/usr-acl.texi
new file mode 100644
index 0000000..1fd69f5
--- /dev/null
+++ b/doc/usr-acl.texi
@@ -0,0 +1,48 @@
+@c This is part of the Pies manual.
+@c Copyright (C) 2009 Sergey Poznyakoff
+@c This file is distributed under GFDL 1.1 or any later version
+@c published by the Free Software Foundation.
+ This appendix describes the @samp{user-group} extension for
+@command{Pies} @acronym{ACL}s. This extension is reserved for
+the future use.
+The @var{user-group} @acronym{ACL} statement specifies which
+users match this entry. Allowed values are the following:
+@table @code
+@kwindex all
+@item all
+All users.
+@kwindex authenticated
+@item authenticated
+Only authenticated users.
+@kwindex group
+@item group @var{group-list}
+Authenticated users which are members of at least one of groups listed in
+@end table
+For example, the following statement defines an @acronym{ACL}
+which allows access for any user connected via local @acronym{UNIX}
+socket @file{/tmp/dicod.sock} or coming from a local network
+@samp{}. Any authenticated users are allowed, provided
+that they are allowed by another @acronym{ACL} @samp{my-nets} (which
+should have been defined before this definition). Users coming from
+the network @samp{} are allowed if they authenticate
+themselves and are members of groups @samp{pies} or @samp{users}.
+Access is denied for anybody else:
+acl @{
+ allow all from ("/tmp/pies.sock", "");
+ allow authenticated acl "my-nets";
+ allow group ("pies", "users") from "";
+ deny all;
+@end group
+@end smallexample

Return to:

Send suggestions and report system problems to the System administrator.