/[docman2]/doc/trustee.html

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /doc/trustee.html

Parent Directory | Revision Log | View Patch Patch

-revision 1.3 by dpavlin,
Sun Jul 28 11:48:30 2002 UTC
+revision 1.6 by dpavlin,
Mon Jul 29 10:29:05 2002 UTC
 Line 14 
 concept of trustees for Linux kernel by
  <p>Comments are written using hash (#) as first character in line
  <br><tt># this is a comment</tt></p>
- <p>Group can be used instead of username in all ACLs. You can't have user
+ <p>Group can be used instead of user-name in all ACL. You can't have user
  which has same name as group or vice-versa. It's written using plus (+) as
  first character in line.
  <br>+<i>group</i>:<i>user</i>[,<i>user</i>...]</p>
 Line 27 
 Valid modifiers:
  <li><tt>!</tt> trustee applies to all except user or group
  <li><tt>C</tt> clear the permission (default is to set)
  <li><tt>D</tt> deny access (default is grant)
+ <li><tt>O</tt> one-level trustee only <small>(this means that those permissions
+         will not be inherited on directories and files downwards from current
+         level -- it's useful for <a href="#anonymous">anonymous access</a>)
+         </small>
  </ul>
  Valid permissions:
-Line 40 
 Valid permissions:
+Line 44 
 Valid permissions:
  <h2>Examples</h2>
  <pre>
- # dpavlin is admin (grant all access to members of root group)
+ # dpavlin is administrator (grant all access to members of root group)
  +root:dpavlin
  /:root:RWB
  # give read-only access to all users
-Line 70 
 Which will work.
+Line 74 
 Which will work.
  <big>FIX</big> write more examples, better descriptions...
+ <a name="anonymous">
+ <h3>Anonymous access</h3>
+ <p>One of great advantages of using trustees is that you can allow
+ anonymous access (without login). You should pay attention to access
+ right, because you probably don't want anonymous users to see all files
+ or folders in your repository.
+ </p>
+ <p>First, you will have to add browse trustee to anonymous user
+ on root directory -- docman will ignore all anonymous users if
+ you don't do this.
+ <pre>
+         /:anonymous:BO
+ </pre>
+ You really <b>want to use flags <tt>BO</tt></b> and not just <tt>B</tt> because
+ if you specify just <tt>B</tt> anonymous users will be able to browse (see
+ directory names) of your whole repository. This way you can explicitly
+ allow (or deny) which sub-directories you want anonymous users to browse.
+ <br>For example, this will allow anonymous users to see and read everything
+ in <tt>/pub</tt> and to store documents in <tt>/incoming</tt>:
+ <pre>
+         /pub:anonymous:RB
+         /incoming:anonymous:RWB
+ </pre>
+ You might also want to hide some directory from anonymous users, and you
+ can do that using:
+ <pre>
+         /private:anonymous:DB
+ </pre>
+ If you would like to <b>give all your users</b> which are authetificated via
+ login and password <b>all access</b> to all files (like in old docman v1.x) you
+ also have to add
+ <pre>
+         /:*:RWB
+ </pre>
+ However, that <b>will not add all
+ permission to anonymous users</b>. If you want to add all that permission
+ to anonymous users (which will create wiki-like comunity for sharing files)
+ you must explicitly say that you allow that to anonymous users:
+ <pre>
+         /:anonymous:RWB
+ </pre>
+ All those setting will create enviroment which is very like docman v1.x,
+ but with anonymous users allowed to see document in <tt>/pub</tt> and
+ upload them in <tt>/incoming</tt>.
+ </p>
  <h2>Default security</h2>
  <p>If none of trustee rules satisfy, default policy is <i>deny</i>. Basically,

 Legend:



Removed from v.1.3
 


changed lines


 
Added in v.1.6
 Legend:



Removed from v.1.3
 


changed lines


 
Added in v.1.6
-Removed from v.1.3
+Added in v.1.6

	ViewVC Help
Powered by ViewVC 1.1.26