<h1>ACL implementation in docman</h1>

<p>ACL implementation in docman is called <b>trustees</b>. It's based on the
concept of trustees for the Linux kernel by Vyacheslav Zavadsky
&lt;zavadsky@braysystems.com&gt;
</p>

<p>Trustees are used to control access rights and special features
(like notify on change).
</p>

<h2>Format of trustee file</h2>

<p>Comments are written using hash (#) as the first character in the line
<br><tt># this is a comment</tt></p>

<p>A group can be used instead of a username in all ACLs. You can't have a user
with the same name as a group or vice versa. A group is defined using plus (+) as the
first character in the line.
<br>+<i>group</i>:<i>user</i>[,<i>user</i>...]</p>

<p>An ACL is defined as
<br><i>path</i>[<i>file</i>]<b>:</b>(<i>user</i>|<i>+group</i>|*)[,<i>user</i>...]:[<i>modifier</i>]<i>permission</i>[:...]
<br>(further <i>user</i>:<i>permission</i> pairs may follow on the same line, separated by colons, as in the examples below)</p>

Valid modifiers:
<ul>
<li><tt>!</tt> trustee applies to all except the named user or group
<li><tt>C</tt> clear the permission (default is to set)
<li><tt>D</tt> deny access (default is grant)
</ul>

Valid permissions:
<ul>
<li><tt>R</tt> read (file)
<li><tt>W</tt> write (file)
<li><tt>B</tt> browse (directory)
<li><tt>N</tt> notify (e-mail on change)
</ul>

<h2>Examples</h2>

<pre>
# dpavlin is admin (grant all access to members of root group)
+root:dpavlin
/:root:RWB
# give read-only access to all users
/:*:R
# anyone can write to this file
/public_write.txt:*:W
# let just joe access secret file
/secret:joe:!CRW
</pre>

<p>There is a major difference between <b>deny</b> and <b>clear</b>. If you
want to deny access to one file except to user joe (who should have
read-only access) you might write:

<pre>
/secret.txt:*:DRWB:joe:R
</pre>

That is wrong. <b>deny</b> rules take precedence over the read permission granted
to joe, so joe gets no access at all. You should write instead:

<pre>
/secret.txt:*:CRWB:joe:R
</pre>

which will work: <b>clear</b> removes the permissions everyone had, and the later rule grants read back to joe only.
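<p>The trustee format and the deny/clear precedence described above, as an added Python evaluator that is not docman's own code. It assumes that a rule on a directory applies to everything beneath it, that a bare group name in a rule (like <tt>root</tt> in the example above) is looked up as a group, and that matching rules are applied in file order with <b>D</b> always winning; the sample trustee text is constructed.</p>

```python
SAMPLE = """\
# constructed example in the format above, not a real docman trustee file
+root:dpavlin
/:root:RWB
/:*:R
/secret.txt:*:CRWB:joe:R
"""

def parse_spec(spec):                 # '[modifier]permission' -> (negate, action, perms)
    negate, action, perms = False, "set", set()
    for ch in spec:
        if ch == "!": negate = True
        elif ch == "C": action = "clear"
        elif ch == "D": action = "deny"
        elif ch in "RWBN": perms.add(ch)   # read, write, browse, notify
        else: raise ValueError(f"bad permission spec {spec!r}")
    return negate, action, perms

def parse_trustees(text):             # -> (groups, [(path, subjects, negate, action, perms)])
    groups, rules = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"): continue   # blank line or comment
        if line.startswith("+"):                  # +group:user[,user...]
            name, members = line[1:].split(":", 1)
            groups[name] = set(members.split(","))
            continue
        path, *rest = line.split(":")             # path:subjects:spec[:subjects:spec...]
        if len(rest) % 2: raise ValueError(f"unbalanced subject/permission pairs: {line!r}")
        for subjects, spec in zip(rest[0::2], rest[1::2]):
            rules.append((path, subjects.split(","), *parse_spec(spec)))
    return groups, rules

def subject_matches(subject, user, groups):
    # users and groups may not share a name, so a bare group name is unambiguous
    return subject == "*" or user == subject or user in groups.get(subject.lstrip("+"), ())

def covers(rule_path, path):          # assumption: a directory rule applies to everything below it
    return path == rule_path or path.startswith(rule_path.rstrip("/") + "/")

def effective(trustees, path, user):  # rules apply in file order; D always wins; default is deny
    groups, rules = trustees
    granted, denied = set(), set()
    for rule_path, subjects, negate, action, perms in rules:
        hit = any(subject_matches(s, user, groups) for s in subjects)
        if not covers(rule_path, path) or hit == negate:  # '!' inverts the subject match
            continue
        if action == "deny": denied |= perms
        elif action == "clear": granted -= perms
        else: granted |= perms
    return granted - denied
```

Swapping the <tt>C</tt> in <tt>SAMPLE</tt> for a <tt>D</tt> reproduces the wrong variant: joe then ends up with no permissions at all, because the deny is subtracted after every grant.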

<big>FIX</big> write more examples, better descriptions...

<h2>Default security</h2>

<p>If no trustee rule matches, the default policy is <i>deny</i>. Basically,
you have to explicitly allow all your users access to files (which can be
as simple as <tt>/:*:RB</tt> to give <i>read</i> and <i>browse</i> to all
users).
</p>

<h2>docman without trustee configuration</h2>

<p>If you <b>don't have</b> <tt>realm/http_virtual_host.trustee</tt>, docman
will fall back to the default docman v1.x behaviour: the whole group will have
all rights on all files, except <i>anonymous</i> users (who won't be able
to log in anyway).
</p>