.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "TORRUS_ACLEDIT 8" .TH TORRUS_ACLEDIT 8 "2015-07-14" "torrus 2.08" "torrus" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" acledit \- Manage Torrus access control lists (ACLs). .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBtorrus acledit\fR [\fIoptions...\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" This command manages the Torrus access control lists. Each user is identified by user \s-1ID,\s0 and has a set of attributes. Currently supported attributes are \f(CW\*(C`cn\*(C'\fR (common name) and \f(CW\*(C`userPasswordMD5\*(C'\fR (\s-1MD5\s0 digest of the user's password). .PP Each user belongs to one or several groups. Each group has its own set of privileges. A privilege is identified by privilege name and object name. Currently only one privilege name is supported: \&\f(CW\*(C`DisplayTree\*(C'\fR, and the object name is the name of the tree that this group is allowed to browse. .PP User authorization in the web interface is controlled by the \&\f(CW$Torrus::CGI::authorizeUsers\fR variable in \fItorrus\-siteconfig.pl\fR. .SH "GROUP MANAGEMENT OPTIONS" .IX Header "GROUP MANAGEMENT OPTIONS" .IP "\fB\-\-addgroup\fR=\fI\s-1GROUP\s0\fR" 4 .IX Item "--addgroup=GROUP" Creates a new group with the given name. .IP "\fB\-\-delgroup\fR=\fI\s-1GROUP\s0\fR" 4 .IX Item "--delgroup=GROUP" Deletes the group with the given name. .IP "\fB\-\-modgroup\fR=\fI\s-1GROUP\s0\fR" 4 .IX Item "--modgroup=GROUP" Modifies the given group. .IP "\fB\-\-permit\fR=\fI\s-1PRIVILEGE\s0\fR" 4 .IX Item "--permit=PRIVILEGE" Grants privilege to group(s). Currently supported privileges are: \&\f(CW\*(C`DisplayTree\*(C'\fR for displaying a datasource tree, and \f(CW\*(C`DisplayAdmInfo\*(C'\fR for displaying the administrative information (all significant parameters for a given datasource leaf). .IP "\fB\-\-deny\fR=\fI\s-1PRIVILEGE\s0\fR" 4 .IX Item "--deny=PRIVILEGE" Revokes group(s) privilege. .IP "\fB\-\-for\fR=\fI\s-1OBJECT\s0\fR" 4 .IX Item "--for=OBJECT" Object for which privileges are granted or revoked. Currently it must be the name of the tree for which the \f(CW\*(C`DisplayTree\*(C'\fR and \f(CW\*(C`DisplayAdmInfo\*(C'\fR privilegs are granted or revoked. The asterisk (*) instead of the object name assigns the privilege for all objects. .SH "USER MANAGEMENT OPTIONS" .IX Header "USER MANAGEMENT OPTIONS" .IP "\fB\-\-adduser\fR=\fI\s-1UID\s0\fR" 4 .IX Item "--adduser=UID" Creates a new user with the given user \s-1ID.\s0 .IP "\fB\-\-addhost\fR=\fI\s-1HOST\s0\fR" 4 .IX Item "--addhost=HOST" Creates a new user for host-based authentication. \fI\s-1HOST\s0\fR should be an IPv4 or IPv6 address of the \s-1HTTP\s0 client. The new username is the address with all non-alphanumeric characters replaced with underscores. Host password is changed by <\-\-hostpassword> option. .IP "\fB\-\-deluser\fR=\fI\s-1UID\s0\fR" 4 .IX Item "--deluser=UID" Deletes user with the given user \s-1ID.\s0 .IP "\fB\-\-moduser\fR=\fI\s-1UID\s0\fR" 4 .IX Item "--moduser=UID" Modifies the user attributes for the given user \s-1ID.\s0 .IP "\fB\-\-addtogroup\fR=\fI\s-1GROUP\s0\fR" 4 .IX Item "--addtogroup=GROUP" Adds user to the given group. .IP "\fB\-\-delfromgroup\fR=\fI\s-1GROUP\s0\fR" 4 .IX Item "--delfromgroup=GROUP" Deletes user from the given group. .IP "\fB\-\-password\fR=\fI\s-1PASSWORD\s0\fR" 4 .IX Item "--password=PASSWORD" Sets user's password. .IP "\fB\-\-hostpassword\fR=\fI\s-1PASSWORD\s0\fR" 4 .IX Item "--hostpassword=PASSWORD" Sets the password for host-based authentication. The \s-1HTTP\s0 client should add \f(CW\*(C`hostauth\*(C'\fR parameter with the password as a value. .IP "\fB\-\-cn\fR=\fI\s-1NAME\s0\fR" 4 .IX Item "--cn=NAME" Sets user's common name. .IP "\fB\-\-showuser\fR=\fI\s-1UID\s0\fR" 4 .IX Item "--showuser=UID" Displays information for a given user. .SH "GENERAL OPTIONS" .IX Header "GENERAL OPTIONS" .IP "\fB\-\-export\fR=\fI\s-1FILE\s0\fR" 4 .IX Item "--export=FILE" Exports \s-1ACL\s0 configuration to a given file. .IP "\fB\-\-template\fR=\fI\s-1FILE\s0\fR" 4 .IX Item "--template=FILE" Uses the given template file when exporting. Default value is \fIaclexport.xml\fR. .IP "\fB\-\-import\fR=\fI\s-1FILE\s0\fR" 4 .IX Item "--import=FILE" Imports \s-1ACL\s0 configuration from the given file. .IP "\fB\-\-clear\fR" 4 .IX Item "--clear" Deletes all user and privileges configuration. .IP "\fB\-\-list\fR" 4 .IX Item "--list" Lists all users and groups they belong to. .IP "\fB\-\-debug\fR" 4 .IX Item "--debug" Sets the log level to debug. .IP "\fB\-\-verbose\fR" 4 .IX Item "--verbose" Sets the log level to info. .IP "\fB\-\-help\fR" 4 .IX Item "--help" Displays a help message. .SH "EXAMPLES" .IX Header "EXAMPLES" .Vb 5 \& torrus acledit \-\-addgroup=staff \-\-permit=DisplayTree \e \& \-\-for=main \-\-for=thecustomer \& torrus acledit \-\-adduser=jsmith \-\-password=mysecretpassword \e \& \-\-cn="John Smith" \-\-addtogroup=staff \& torrus acledit \-\-addgroup=admin \-\-permit=DisplayTree \-\-for=\*(Aq*\*(Aq .Ve .PP This example creates a group \fIstaff\fR and gives all its members the permission to browse the datasource trees \fImain\fR and \fIthecustomer\fR. The next command creates a user \fIjsmith\fR and addts it to this group. The user name will be displayed as \fIJohn Smith\fR, and it will be let in with the given password. The third command creates a group \fIadmin\fR which is allowed o browse all existing trees. .SH "FILES" .IX Header "FILES" .IP "\fI/etc/torrus/conf/torrus\-siteconfig.pl\fR" 4 .IX Item "/etc/torrus/conf/torrus-siteconfig.pl" Torrus site configuration script. .IP "\fI/usr/share/torrus/templates/aclexport.xml\fR" 4 .IX Item "/usr/share/torrus/templates/aclexport.xml" Default template for the exports of \s-1ACL\s0 configuration. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fItorrus\fR\|(8) .SH "NOTES" .IX Header "NOTES" See more documentation at Torrus home page: http://torrus.org .SH "AUTHOR" .IX Header "AUTHOR" Stanislav Sinyagin