NAME¶
acledit - Manage Torrus access control lists (ACLs).
SYNOPSIS¶
torrus acledit [
options...]
DESCRIPTION¶
This command manages the Torrus access control lists. Each user is identified by
user ID, and has a set of attributes. Currently supported attributes are
"cn" (common name) and "userPasswordMD5" (MD5 digest of
the user's password).
Each user belongs to one or several groups. Each group has its own set of
privileges. A privilege is identified by privilege name and object name.
Currently only one privilege name is supported: "DisplayTree", and
the object name is the name of the tree that this group is allowed to browse.
User authorization in the web interface is controlled by the
$Torrus::CGI::authorizeUsers variable in
torrus-siteconfig.pl.
GROUP MANAGEMENT OPTIONS¶
- --addgroup=GROUP
- Creates a new group with the given name.
- --delgroup=GROUP
- Deletes the group with the given name.
- --modgroup=GROUP
- Modifies the given group.
- --permit=PRIVILEGE
- Grants privilege to group(s). Currently supported privileges are:
"DisplayTree" for displaying a datasource tree, and
"DisplayAdmInfo" for displaying the administrative information
(all significant parameters for a given datasource leaf).
- --deny=PRIVILEGE
- Revokes group(s) privilege.
- --for=OBJECT
- Object for which privileges are granted or revoked. Currently it must be
the name of the tree for which the "DisplayTree" and
"DisplayAdmInfo" privilegs are granted or revoked. The asterisk
(*) instead of the object name assigns the privilege for all objects.
USER MANAGEMENT OPTIONS¶
- --adduser=UID
- Creates a new user with the given user ID.
- --addhost=HOST
- Creates a new user for host-based authentication. HOST should be an
IPv4 or IPv6 address of the HTTP client. The new username is the address
with all non-alphanumeric characters replaced with underscores. Host
password is changed by <--hostpassword> option.
- --deluser=UID
- Deletes user with the given user ID.
- --moduser=UID
- Modifies the user attributes for the given user ID.
- --addtogroup=GROUP
- Adds user to the given group.
- --delfromgroup=GROUP
- Deletes user from the given group.
- --password=PASSWORD
- Sets user's password.
- --hostpassword=PASSWORD
- Sets the password for host-based authentication. The HTTP client should
add "hostauth" parameter with the password as a value.
- --cn=NAME
- Sets user's common name.
- --showuser=UID
- Displays information for a given user.
GENERAL OPTIONS¶
- --export=FILE
- Exports ACL configuration to a given file.
- --template=FILE
- Uses the given template file when exporting. Default value is
aclexport.xml.
- --import=FILE
- Imports ACL configuration from the given file.
- --clear
- Deletes all user and privileges configuration.
- --list
- Lists all users and groups they belong to.
- --debug
- Sets the log level to debug.
- --verbose
- Sets the log level to info.
- --help
- Displays a help message.
EXAMPLES¶
torrus acledit --addgroup=staff --permit=DisplayTree \
--for=main --for=thecustomer
torrus acledit --adduser=jsmith --password=mysecretpassword \
--cn="John Smith" --addtogroup=staff
torrus acledit --addgroup=admin --permit=DisplayTree --for='*'
This example creates a group
staff and gives all its members the
permission to browse the datasource trees
main and
thecustomer.
The next command creates a user
jsmith and addts it to this group. The
user name will be displayed as
John Smith, and it will be let in with
the given password. The third command creates a group
admin which is
allowed o browse all existing trees.
FILES¶
- /etc/torrus/conf/torrus-siteconfig.pl
- Torrus site configuration script.
- /usr/share/torrus/templates/aclexport.xml
- Default template for the exports of ACL configuration.
SEE ALSO¶
torrus(8)
NOTES¶
See more documentation at Torrus home page:
http://torrus.org
AUTHOR¶
Stanislav Sinyagin <ssinyagin@yahoo.com>