oracular (8) torrus_acledit.8.gz

Provided by: torrus-common_3.00-2_all bug

NAME

       acledit - Manage Torrus access control lists (ACLs).

SYNOPSIS

       torrus acledit [options...]

DESCRIPTION

       This command manages the Torrus access control lists. Each user is identified by user ID,
       and has a set of attributes. Currently supported attributes are "cn" (common name) and
       "userPasswordMD5" (MD5 digest of the user's password).

       Each user belongs to one or several groups. Each group has its own set of privileges. A
       privilege is identified by privilege name and object name. Currently only one privilege
       name is supported: "DisplayTree", and the object name is the name of the tree that this
       group is allowed to browse.

       User authorization in the web interface is controlled by the $Torrus::CGI::authorizeUsers
       variable in torrus-siteconfig.pl.

GROUP MANAGEMENT OPTIONS

       --addgroup=GROUP
           Creates a new group with the given name.

       --delgroup=GROUP
           Deletes the group with the given name.

       --modgroup=GROUP
           Modifies the given group.

       --permit=PRIVILEGE
           Grants privilege to group(s). Currently supported privileges are: "DisplayTree" for
           displaying a datasource tree, and "DisplayAdmInfo" for displaying the administrative
           information (all significant parameters for a given datasource leaf).

       --deny=PRIVILEGE
           Revokes group(s) privilege.

       --for=OBJECT
           Object for which privileges are granted or revoked. Currently it must be the name of
           the tree for which the "DisplayTree" and  "DisplayAdmInfo" privilegs are granted or
           revoked. The asterisk (*) instead of the object name assigns the privilege for all
           objects.

USER MANAGEMENT OPTIONS

       --adduser=UID
           Creates a new user with the given user ID.

       --addhost=HOST
           Creates a new user for host-based authentication. HOST should be an IPv4 or IPv6
           address of the HTTP client. The new username is the address with all non-alphanumeric
           characters replaced with underscores.  Host password is changed by <--hostpassword>
           option.

       --deluser=UID
           Deletes user with the given user ID.

       --moduser=UID
           Modifies the user attributes for the given user ID.

       --addtogroup=GROUP
           Adds user to the given group.

       --delfromgroup=GROUP
           Deletes user from the given group.

       --password=PASSWORD
           Sets user's password.

       --hostpassword=PASSWORD
           Sets the password for host-based authentication. The HTTP client should add "hostauth"
           parameter with the password as a value.

       --cn=NAME
           Sets user's common name.

       --showuser=UID
           Displays information for a given user.

GENERAL OPTIONS

       --export=FILE
           Exports ACL configuration to a given file.

       --template=FILE
           Uses the given template file when exporting. Default value is aclexport.xml.

       --import=FILE
           Imports ACL configuration from the given file.

       --clear
           Deletes all user and privileges configuration.

       --list
           Lists all users and groups they belong to.

       --debug
           Sets the log level to debug.

       --verbose
           Sets the log level to info.

       --help
           Displays a help message.

EXAMPLES

         torrus acledit --addgroup=staff --permit=DisplayTree \
           --for=main --for=thecustomer
         torrus acledit --adduser=jsmith --password=mysecretpassword \
           --cn="John Smith" --addtogroup=staff
         torrus acledit --addgroup=admin --permit=DisplayTree --for='*'

       This example creates a group staff and gives all its members the permission to browse the
       datasource trees main and thecustomer. The next command creates a user jsmith and addts it
       to this group. The user name will be displayed as John Smith, and it will be let in with
       the given password. The third command creates a group admin which is allowed o browse all
       existing trees.

FILES

       /etc/torrus/conf/torrus-siteconfig.pl
           Torrus site configuration script.

       /usr/share/torrus/templates/aclexport.xml
           Default template for the exports of ACL configuration.

SEE ALSO

       torrus(8)

NOTES

       See more documentation at Torrus home page: http://torrus.org

AUTHOR

       Stanislav Sinyagin <ssinyagin@k-open.com>