[leafnode-list] ACLs

Matthew Parry mettw at mettw.homelinux.net
Sun Jul 30 05:32:21 CEST 2006



I've been reading up a bit and thinking about ACLs and I can see
now that there are some problems with the way I've implemented
them.  To make ACLs more general, for application to user/pass
etc, I think there should be a separate file defining the ACLs
which will allow us to refer to lists of groups by name.

eg, we could have a file /etc/leafnode/access such as:

# Define some lists of groups.
#
# acl=name - define a new acl called "name"
# groups=pattern,pattern,... - set which groups
#			belong to the ACL using
#			wildmat patterns.

# The standard hierarchies.
acl=standard
groups=alt.*,comp.*,gnu.*,linux.*,misc.*,news.*,rec.*,sci.*,soc.*,talk.*

# Groups with no relevance to a business
acl=recreational
groups=alt.*,rec.*,talk.*

# Groups allowed at some business accessing the server
# add=name,name,... - Add the groups in the named ACLs.
# delete=name,name,... - Delete the groups in the named ACLs.
acl=business
add=standard
delete=recreational
# The business is in Australia, so add the aus hierarchy
groups=aus.*


We can then do IP based access control by setting the
env var LEAFNODE_ACL to "business" or whatever.

The LIST filtering thing I added should be removed and
the LIST command should be filtered to match the current
acl.

What do you think?

-- 

Matthew Parry

-
"There now, didn't I tell you to keep a good count?  Well,
there's an end of the story.  God knows there's no going on
with it now." - Sancho Panza.






More information about the leafnode-list mailing list