[leafnode-list] ACLs
Matthew Parry
mettw at mettw.homelinux.net
Sun Jul 30 05:32:21 CEST 2006
I've been reading up a bit and thinking about ACLs and I can see
now that there are some problems with the way I've implemented
them. To make ACLs more general, for application to user/pass
etc, I think there should be a separate file defining the ACLs
which will allow us to refer to lists of groups by name.
eg, we could have a file /etc/leafnode/access such as:
# Define some lists of groups.
#
# acl=name - define a new acl called "name"
# groups=pattern,pattern,... - set which groups
# belong to the ACL using
# wildmat patterns.
# The standard hierarchies.
acl=standard
groups=alt.*,comp.*,gnu.*,linux.*,misc.*,news.*,rec.*,sci.*,soc.*,talk.*
# Groups with no relevance to a business
acl=recreational
groups=alt.*,rec.*,talk.*
# Groups allowed at some business accessing the server
# add=name,name,... - Add the groups in the named ACLs.
# delete=name,name,... - Delete the groups in the named ACLs.
acl=business
add=standard
delete=recreational
# The business is in Australia, so add the aus hierarchy
groups=aus.*
We can then do IP based access control by setting the
env var LEAFNODE_ACL to "business" or whatever.
The LIST filtering thing I added should be removed and
the LIST command should be filtered to match the current
acl.
What do you think?
--
Matthew Parry
-
"There now, didn't I tell you to keep a good count? Well,
there's an end of the story. God knows there's no going on
with it now." - Sancho Panza.
More information about the leafnode-list
mailing list