DragonFly On-Line Manual Pages
TORRUS_ACLEDIT(1) torrus TORRUS_ACLEDIT(1)
NAME
acledit - Manage Torrus access control lists (ACLs).
SYNOPSIS
torrus acledit [options...]
DESCRIPTION
This command manages the Torrus access control lists. Each user is
identified by user ID, and has a set of attributes. Currently supported
attributes are "cn" (common name) and "userPasswordMD5" (MD5 digest of
the user's password).
Each user belongs to one or several groups. Each group has its own set
of privileges. A privilege is identified by privilege name and object
name. Currently only one privilege name is supported: "DisplayTree",
and the object name is the name of the tree that this group is allowed
to browse.
User authorization in the web interface is controlled by the
$Torrus::CGI::authorizeUsers variable in torrus-siteconfig.pl.
GROUP MANAGEMENT OPTIONS
--addgroup=GROUP
Creates a new group with the given name.
--delgroup=GROUP
Deletes the group with the given name.
--modgroup=GROUP
Modifies the given group.
--permit=PRIVILEGE
Grants privilege to group(s). Currently supported privileges are:
"DisplayTree" for displaying a datasource tree, and
"DisplayAdmInfo" for displaying the administrative information (all
significant parameters for a given datasource leaf).
--deny=PRIVILEGE
Revokes group(s) privilege.
--for=OBJECT
Object for which privileges are granted or revoked. Currently it
must be the name of the tree for which the "DisplayTree" and
"DisplayAdmInfo" privilegs are granted or revoked. The asterisk (*)
instead of the object name assigns the privilege for all objects.
USER MANAGEMENT OPTIONS
--adduser=UID
Creates a new user with the given user ID.
--addhost=HOST
Creates a new user for host-based authentication. HOST should be an
IPv4 or IPv6 address of the HTTP client. The new username is the
address with all non-alphanumeric characters replaced with
underscores. Host password is changed by <--hostpassword> option.
--deluser=UID
Deletes user with the given user ID.
--moduser=UID
Modifies the user attributes for the given user ID.
--addtogroup=GROUP
Adds user to the given group.
--delfromgroup=GROUP
Deletes user from the given group.
--password=PASSWORD
Sets user's password.
--hostpassword=PASSWORD
Sets the password for host-based authentication. The HTTP client
should add "hostauth" parameter with the password as a value.
--cn=NAME
Sets user's common name.
--showuser=UID
Displays information for a given user.
GENERAL OPTIONS
--export=FILE
Exports ACL configuration to a given file.
--template=FILE
Uses the given template file when exporting. Default value is
aclexport.xml.
--import=FILE
Imports ACL configuration from the given file.
--clear
Deletes all user and privileges configuration.
--list
Lists all users and groups they belong to.
--debug
Sets the log level to debug.
--verbose
Sets the log level to info.
--help
Displays a help message.
EXAMPLES
torrus acledit --addgroup=staff --permit=DisplayTree \
--for=main --for=thecustomer
torrus acledit --adduser=jsmith --password=mysecretpassword \
--cn="John Smith" --addtogroup=staff
torrus acledit --addgroup=admin --permit=DisplayTree --for='*'
This example creates a group staff and gives all its members the
permission to browse the datasource trees main and thecustomer. The
next command creates a user jsmith and addts it to this group. The user
name will be displayed as John Smith, and it will be let in with the
given password. The third command creates a group admin which is
allowed o browse all existing trees.
FILES
/usr/local/etc/torrus/conf/torrus-siteconfig.pl
Torrus site configuration script.
/usr/local/share/torrus/templates/aclexport.xml
Default template for the exports of ACL configuration.
SEE ALSO
torrus(1)
NOTES
See more documentation at Torrus home page: http://torrus.org
AUTHOR
Stanislav Sinyagin <ssinyagin@yahoo.com>
torrus 2.07 2016-02-19 TORRUS_ACLEDIT(1)