

Appendix B User-Group ACLs

This appendix describes the ‘user-group’ extension for GNU Pies ACLs. This extension is reserved for future use.

The user-group ACL statement specifies which users match this entry. Allowed values are the following:

all

All users.

authenticated

Only authenticated users.

group group-list

Authenticated users who are members of at least one of the groups listed in group-list.

For example, the following statement defines an ACL which allows access for any user connected via the local UNIX socket /tmp/pies.sock or coming from the local network ‘192.168.10.0/24’. Any authenticated users are allowed, provided that they are allowed by another ACL, ‘my-nets’ (which should have been defined before this definition). Users coming from the network ‘10.10.0.0/24’ are allowed if they authenticate themselves and are members of the groups ‘pies’ or ‘users’. Access is denied for anybody else:

acl {
    allow all from ("/tmp/pies.sock", "192.168.10.0/24");
    allow authenticated acl "my-nets";
    allow group ("pies", "users") from "10.10.0.0/24";
    deny all;
}
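
The following Python model of the ACL above is an added example, not code from GNU Pies. It assumes that statements are tried in order and the first matching one decides the result, and it uses a constructed stand-in for ‘my-nets’, whose contents this appendix does not show; the names EXAMPLE_ACL, ACLS and check are hypothetical.

```python
import ipaddress

# The appendix's ACL, one tuple per statement, in order:
# (action, who, sub-ACL name or None, source list or None).
EXAMPLE_ACL = [
    ("allow", "all", None, ["/tmp/pies.sock", "192.168.10.0/24"]),
    ("allow", "authenticated", "my-nets", None),
    ("allow", ("pies", "users"), None, ["10.10.0.0/24"]),
    ("deny", "all", None, None),
]
# Constructed stand-in: the page does not show the contents of "my-nets".
ACLS = {"my-nets": [("allow", "all", None, ["172.16.0.0/16"]),
                    ("deny", "all", None, None)]}

def user_matches(who, groups):
    """groups is None for an unauthenticated peer, else a set of group names."""
    if who == "all":
        return True
    if groups is None:
        return False
    return who == "authenticated" or bool(set(who) & groups)

def source_matches(sources, peer):
    """peer is a UNIX socket path or an IP address string."""
    if sources is None:
        return True
    for src in sources:
        if src.startswith("/") or peer.startswith("/"):
            if src == peer:
                return True
        elif ipaddress.ip_address(peer) in ipaddress.ip_network(src):
            return True
    return False

def check(acl, peer, groups):
    """Return the action of the first matching statement (assumed semantics)."""
    for action, who, sub, sources in acl:
        if not user_matches(who, groups) or not source_matches(sources, peer):
            continue
        # A statement with an acl clause matches only if that ACL allows the peer.
        if sub is not None and check(ACLS[sub], peer, groups) != "allow":
            continue
        return action
    return None  # no statement matched; the page does not say what happens then
```

Under these assumptions an unauthenticated peer on ‘10.10.0.0/24’ falls through to the final deny, while the same peer authenticated as a member of ‘pies’ is allowed by the third statement.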