--- doc/trustee.html 2002/07/28 16:24:55 1.4 +++ doc/trustee.html 2002/07/28 17:51:23 1.5 @@ -14,7 +14,7 @@
Comments are written using hash (#) as first character in line
# this is a comment
Group can be used instead of username in all ACLs. You can't have user +
Group can be used instead of user-name in all ACL. You can't have user
which has same name as group or vice-versa. It's written using plus (+) as
first character in line.
+group:user[,user...]
-# dpavlin is admin (grant all access to members of root group) +# dpavlin is administrator (grant all access to members of root group) +root:dpavlin /:root:RWB # give read-only access to all users @@ -73,6 +74,38 @@ FIX write more examples, better descriptions... + +Anonymous access
+ +One of great advantages of using trustees is that you can allow +anonymous access (without login). You should pay attention to access +right, because you probably don't want anonymous users to see all files +or folders in your repository. +
+ +First, you will have to add browse trustee to anonymous user +on root directory -- docman will ignore all anonymous users if +you don't do this. +
+ /:anonymous:BO ++You really want to use flags BO and not just B because +if you specify just B anonymous users will be able to browse (see +directory names) of your whole repository. This way you can explicitly +allow (or deny) which sub-directories you want anonymous users to browse. +
For example, this will allow anonymous users to see and read everything +in /pub and to store documents in /incoming: ++ /pub:anonymous:RB + /incoming:anonymous:RWB ++You might also want to hide some directory from anonymous users, and you +can do that using: ++ /private:anonymous:DB ++ +Default security
If none of trustee rules satisfy, default policy is deny. Basically,