[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I've been reading up a bit and thinking about ACLs and I can see
now that there are some problems with the way I've implemented
them. To make ACLs more general, for application to user/pass
etc, I think there should be a separate file defining the ACLs
which will allow us to refer to lists of groups by name.
eg, we could have a file /etc/leafnode/access such as:
# Define some lists of groups.
# acl=name - define a new acl called "name"
# groups=pattern,pattern,... - set which groups
# belong to the ACL using
# wildmat patterns.
# The standard hierarchies.
# Groups with no relevance to a business
# Groups allowed at some business accessing the server
# add=name,name,... - Add the groups in the named ACLs.
# delete=name,name,... - Delete the groups in the named ACLs.
# The business is in Australia, so add the aus hierarchy
We can then do IP based access control by setting the
env var LEAFNODE_ACL to "business" or whatever.
The LIST filtering thing I added should be removed and
the LIST command should be filtered to match the current
What do you think?
"There now, didn't I tell you to keep a good count? Well,
there's an end of the story. God knows there's no going on
with it now." - Sancho Panza.
leafnode-list mailing list