[myserver-commit] [2881] Initial security file documentation.
From: Giuseppe Scrivano
Subject: [myserver-commit] [2881] Initial security file documentation.
Date: Mon, 13 Oct 2008 19:24:57 +0000
Revision: 2881
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=2881
Author: gscrivano
Date: 2008-10-13 19:24:56 +0000 (Mon, 13 Oct 2008)
Log Message:
-----------
Initial security file documentation.
Modified Paths:
--------------
trunk/myserver/documentation/myserver.texi
Added Paths:
-----------
trunk/myserver/documentation/security.texi
Modified: trunk/myserver/documentation/myserver.texi
===================================================================
--- trunk/myserver/documentation/myserver.texi 2008-10-13 19:20:25 UTC (rev
2880)
+++ trunk/myserver/documentation/myserver.texi 2008-10-13 19:24:56 UTC (rev
2881)
@@ -71,6 +71,7 @@
* Virtual hosts:: Virtual hosts configuration.
* MIME types:: MIME types configuration.
* Process security:: Process security.
+* Security files:: Describe how use security files.
* SSL certificates:: Show how to use SSL certificates.
* Log management:: Describe how to use the log management features.
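Review bot: The description on the added menu entry, "Describe how use security files.", is missing "to". The neighbouring entries read "Show how to use ..." and "Describe how to use ...", so "Describe how to use security files." would match them.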
@@ -100,12 +101,17 @@
@cindex MIME types
@include mime_types.texi
address@hidden Process security, SSL certificates, MIME types, Top
address@hidden Process security, Security files, MIME types, Top
@chapter Process security
@cindex Process security
@include process_security.texi
address@hidden SSL certificates, Log management, Process security, Top
address@hidden Security files, SSL certificates, Process security, Top
address@hidden Process security
address@hidden Process security
address@hidden process_security.texi
+
address@hidden SSL certificates, Log management, Security files, Top
@chapter SSL certificates
@cindex SSL certificates
@include ssl_certificates.texi
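Review bot: The three lines following the new "Security files" node line still say "Process security" twice and name process_security.texi, so the new chapter would carry the wrong title and index entry and would include the process security text a second time, while the security.texi added by this commit is never included. As far as the archive's obscured directives allow reading them, those lines should use "Security files" and security.texi.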
Added: trunk/myserver/documentation/security.texi
===================================================================
--- trunk/myserver/documentation/security.texi (rev 0)
+++ trunk/myserver/documentation/security.texi 2008-10-13 19:24:56 UTC (rev
2881)
@@ -0,0 +1,73 @@
address@hidden -*-texinfo-*-
+It is possible to change almost any configuration for a single
+directory or a single resource trough the @file{.security.xml}.
+This file can be placed in any web directory and it will overwrite
+default configuration values. If the @file{.security.xml} file is not
+found in the directory where the requested resource is, then MyServer
+will look in the parents directory until the file is found.
+If @file{.security.xml} is not present in the virtual host root
+directory then the default one which is present in the system
+directory will be used.
+
+Usually consider the first valid value found in this order:
address@hidden
address@hidden Local @file{.security.xml}.
address@hidden Parent directories @file{.security.xml}.
address@hidden System vhost directory @file{.security.xml}.
address@hidden Virtual host configuration.
address@hidden Global server configuration.
address@hidden enumerate
+
+Some values are not configurable in any @file{.security.xml} file and
+they are took directly from the Virtual host configuration and in some
+cases directly from the global configuration file.
+
+In MyServer there are two different steps involved in the logging
+phase: user authentication and validation.
+
+In the first step a permission mask is found given the
+username:password pair, no other information are used in this phase.
+In the second phase this value is refined using more information.
+The two phases are completely separated and it is possible to use
+different sources for any of them.
+
+The @file{.security.xml} can be used for both phases and by default it
+is.
+
+The anonymous user is matched inside MyServer with the ``Guest''
+username and an empty password.
+
address@hidden Security file user authentication
+The information used for the first phase of logging is a simple list
+of USER elements. Any permission is configured by an attribute, if
+the attribute value is equal to ``YES'' then the permission is granted.
+
+The permissions that MyServer considers are:
address@hidden
address@hidden READ
address@hidden EXECUTE
address@hidden BROWSE
address@hidden WRITE
address@hidden DELETE
address@hidden enumerate
+
+In the following example we enable an anonymous user to access
+resources in READ/EXECUTE/BROWSE mode, DELETE and WRITE are both
+denied.
+
address@hidden
+<SECURITY>
+ <USER name="Guest" password="" READ="YES" EXECUTE="YES" BROWSE="YES"
+ DELETE="NO" WRITE="NO"/>
+</SECURITY>
address@hidden example
+
+As no other information beside username:password is used, this first
+phase is the same for any protocol supported by MyServer.
+
address@hidden FTP Anonymous user
+To allow the @file{.security.xml} re-use, the FTP ``Anonymous'' user
+is mapped internally by MyServer to the ``Guest'' user.
address@hidden subsection
+
address@hidden section
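Review bot: "the logging phase" and "the first phase of logging" in the authentication paragraphs read as log management, which is a separate chapter in the menu; "login" is presumably what is meant. The text also says a permission is granted when its attribute equals "YES" but does not say what a missing attribute or any other value means, and the example sets DELETE="NO" and WRITE="NO" explicitly, so a reader cannot tell whether omitting them is equally safe; a sentence stating the default would settle that. The opening "Usually" on the lookup order leaves open when the order does not apply. Smaller wording fixes: "trough" should be "through", "the parents directory" should be "the parent directories", "they are took" should be "they are taken", and "no other information are used" should be "no other information is used".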