gnustep/libs-ec
0
0
Fork 0
mirror of https://github.com/gnustep/libs-ec.git synced 2025-02-16 00:21:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
libs-ec/Operators.plist
Richard Frith-Macdonald c05b210840 clarify comments
2023-04-04 11:10:25 +01:00

98 lines
4 KiB
Text
Raw Blame History

{
/* This file configures the names/passwords of the people allowed to use
* the Console program to control the system and the commands that each
* operator may use.
*
* There may be a default operator configuration specified (using an empty
* string as its name) which behaves specially.
*
* The Password field normally contains a password hash used to authenticate
* login as that operator, but may also be an empty string (allows any login
* attempt) or may be identical to the username (the user must enter their
* username as their password) or may be a hyphen (to prevent login as that
* operator).
*
* The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$')
* is preferred.
*
* The (optional) Commands value is either an array listing the commands
* that the operator can use, or the name of another operator entry which
* contains such a list of commands. The referenced operator entry defines
* a 'role' capable of executing the defined set of commands.
*
* When the password '-' is used to prevent login, the Commands setting
* of the operator may still be referenced as a role by the entries of
* other operators.
*
* The omission of the Commands entry means that the commands array is
* supplied from the default entry (if there is one).
* If there is no Commands entry for the operator, and no entry for the
* default operator (or no default operator), all commands are available,
* but otherwise any error in the config (a Commands entry which is neither
* a string nor an array, or a string which does not reference an operator
* entry with a Command array) means that no commands are available.
* An entry of the form 'Commands = ();' for the default operator is
* sufficient to disable all commands for all operators until/unless
* commands are specifically enabled for them.
*
* It is possible to log in to the Console using an operator name which is
* not explicitly configured. In that case the default operator entry is
* used as follows:
* 1. The Passord from the default entry is used to permit/refuse the login.
* 2. The Commands from the default entry is used to define the commands that
* the operator may use, and if this is not present no commands may be used.
*
* NB. There are a few special cases for commands as follows:
* The 'quit' command is always permitted for the Console itself, and
* only needs to be listed to quit client processes, Command or Control.
* The special key words for routing commands; 'connect', 'tell', and 'on'
* are not considered to be commands and therefore do not need to be
* listed in Commands arrays.
* The 'config' command needs to be listed for at least one operator in
* order to be able to change configuration. Without it, configuration
* could only be changed by killing and restarting the Control server.
*
* Just add a definition for yourself as below:
*/
richard = {
Password = hashedPasswordOrUsernameOrEmptyString;
};
/* If Password is omitted or is empty, then any password is accepted
* to allow the user to log in.
*/
guest = {
Password = "";
};
/* Where a Commands array is supplied, the operator is prevented from
* using any of the commands not listed in the array.
*/
restricted = {
Password = hashedPasswordOrUsernameOrEmptyString;
Commands = (
launch,
list,
quit,
restart,
status
);
};
/* If the entry with no name exists, it will be used to allow login for
* any username which doesn't exist in this file.
* This entry will also be used to supply a Commands array for any user
* whose own entry does not supply one.
* The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$')
* is preferred.
*/
"" = {
Password = hashedPasswordOrEmptyString;
Commands = (
status
);
};
}
Reference in a new issue View git blame Copy permalink