NAME

acledit - Manage RRFW access control lists (ACLs).

SYNOPSIS

acledit [options...]

DESCRIPTION

This command manages the RRFW access control lists. Each user is identified by user ID, and has a set of attributes. Currently supported attributes are cn (common name) and userPasswordMD5 (MD5 digest of the user's password).

Each user belongs to one or several groups. Each group has its own set of privileges. A privilege is identified by privilege name and object name. Currently only one privilege name is supported: DisplayTree, and the object name is the name of the tree that this group is allowed to browse.

User authorization in the web interface is controlled by the $RRFW::ApacheHandler::authorizeUsers variable in rrfw-siteconfig.pl.

GROUP MANAGEMENT OPTIONS

--addgroup=GROUP: Creates a new group with the given name.
--delgroup=GROUP: Deletes the group with the given name.
--modgroup=GROUP: Modifies the given group.
--permit=PRIVILEGE: Grants privilege to group(s). Currently supported privileges are: DisplayTree for displaying a datasource tree, and DisplayAdmInfo for displaying the administrative information (all significant parameters for a given datasource leaf).
--deny=PRIVILEGE: Revokes group(s) privilege.
--for=OBJECT: Object for which privileges are granted or revoked. Currently it must be the name of the tree for which the DisplayTree and DisplayAdmInfo privilegs are granted or revoked. The asterisk (*) instead of the object name assigns the privilege for all objects.

USER MANAGEMENT OPTIONS

--adduser=UID: Creates a new user with the given user ID.
--deluser=UID: Deletes user with the given user ID.
--moduser=UID: Modifies the user attributes for the given user ID.
--addtogroup=GROUP: Adds user to the given group.
--delfromgroup=GROUP: Deletes user from the given group.
--password=PASSWORD: Sets user's password.
--cn=NAME: Sets user's common name.
--showuser=UID: Displays information for a given user.

GENERAL OPTIONS

--export=FILE: Exports ACL configuration to a given file.
--template=FILE: Uses the given template file when exporting. Default value is aclexport.xml.
--import=FILE: Imports ACL configuration from the given file.
--clear: Deletes all user and privileges configuration.
--list: Lists all users and groups they belong to.
--debug: Sets the log level to debug.
--verbose: Sets the log level to info.
--help: Displays a help message.

EXAMPLES

  acledit --addgroup=staff --permit=DisplayTree \
    --for=main --for=thecustomer
  acledit --adduser=jsmith --password=mysecretpassword \
    --cn="John Smith" --addtogroup=staff
  acledit --addgroup=admin --permit=DisplayTree --for='*'

This example creates a group staff and gives all its members the permission to browse the datasource trees main and thecustomer. The next command creates a user jsmith and addts it to this group. The user name will be displayed as John Smith, and it will be let in with the given password. The third command creates a group admin which is allowed o browse all existing trees.

FILES

/usr/local/rrfw-0.1/share/rrfw/rrfw-siteconfig.pl: RRFW site configuration script.
/usr/local/rrfw-0.1/share/rrfw/templates/aclexport.xml: Default template for the exports of ACL configuration.

NOTES

See more documentation at RRFW home page: http://rrfw.sf.net

AUTHOR

Stanislav Sinyagin <ssinyagin@yahoo.com>