[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[myserver-commit] [2881] Initial security file documentation.

From: Giuseppe Scrivano
Subject: [myserver-commit] [2881] Initial security file documentation.
Date: Mon, 13 Oct 2008 19:24:57 +0000

Revision: 2881

Author:   gscrivano
Date:     2008-10-13 19:24:56 +0000 (Mon, 13 Oct 2008)

Log Message:
Initial security file documentation.

Modified Paths:

Added Paths:

Modified: trunk/myserver/documentation/myserver.texi
--- trunk/myserver/documentation/myserver.texi  2008-10-13 19:20:25 UTC (rev 
+++ trunk/myserver/documentation/myserver.texi  2008-10-13 19:24:56 UTC (rev 
@@ -71,6 +71,7 @@
 * Virtual hosts:: Virtual hosts configuration.
 * MIME types:: MIME types configuration.
 * Process security:: Process security.
+* Security files:: Describe how use security files.
 * SSL certificates:: Show how to use SSL certificates.
 * Log management:: Describe how to use the log management features.
@@ -100,12 +101,17 @@
 @cindex MIME types
 @include mime_types.texi
address@hidden Process security, SSL certificates, MIME types, Top
address@hidden Process security, Security files, MIME types, Top
 @chapter Process security
 @cindex Process security
 @include process_security.texi
address@hidden SSL certificates, Log management, Process security, Top
address@hidden Security files, SSL certificates, Process security, Top
address@hidden Process security
address@hidden Process security
address@hidden process_security.texi
address@hidden SSL certificates, Log management, Security files, Top
 @chapter SSL certificates
 @cindex SSL certificates
 @include ssl_certificates.texi

Added: trunk/myserver/documentation/security.texi
--- trunk/myserver/documentation/security.texi                          (rev 0)
+++ trunk/myserver/documentation/security.texi  2008-10-13 19:24:56 UTC (rev 
@@ -0,0 +1,73 @@
address@hidden -*-texinfo-*-
+It is possible to change almost any configuration for a single
+directory or a single resource trough the @file{.security.xml}.
+This file can be placed in any web directory and it will overwrite
+default configuration values.  If the @file{.security.xml} file is not
+found in the directory where the requested resource is, then MyServer
+will look in the parents directory until the file is found.
+If @file{.security.xml} is not present in the virtual host root
+directory then the default one which is present in the system
+directory will be used.
+Usually consider the first valid value found in this order:
address@hidden Local @file{.security.xml}.
address@hidden Parent directories @file{.security.xml}.
address@hidden System vhost directory @file{.security.xml}.
address@hidden Virtual host configuration.
address@hidden Global server configuration.
address@hidden enumerate
+Some values are not configurable in any @file{.security.xml} file and
+they are took directly from the Virtual host configuration and in some
+cases directly from the global configuration file.
+In MyServer there are two different steps involved in the logging
+phase: user authentication and validation.
+In the first step a permission mask is found given the
+username:password pair, no other information are used in this phase.
+In the second phase this value is refined using more information.
+The two phases are completely separated and it is possible to use
+different sources for any of them.
+The @file{.security.xml} can be used for both phases and by default it
+The anonymous user is matched inside MyServer with the ``Guest''
+username and an empty password.
address@hidden Security file user authentication
+The information used for the first phase of logging is a simple list
+of USER elements.  Any permission is configured by an attribute, if
+the attribute value is equal to ``YES'' then the permission is granted.
+The permissions that MyServer considers are:
address@hidden READ
address@hidden EXECUTE
address@hidden BROWSE
address@hidden WRITE
address@hidden DELETE
address@hidden enumerate
+In the following example we enable an anonymous user to access
+resources in READ/EXECUTE/BROWSE mode, DELETE and WRITE are both
+  <USER name="Guest" password="" READ="YES" EXECUTE="YES" BROWSE="YES"
+     DELETE="NO" WRITE="NO"/>
address@hidden example
+As no other information beside username:password is used, this first
+phase is the same for any protocol supported by MyServer.
address@hidden FTP Anonymous user
+To allow the @file{.security.xml} re-use, the FTP ``Anonymous'' user
+is mapped internally by MyServer to the ``Guest'' user.
address@hidden subsection
address@hidden section

reply via email to

[Prev in Thread] Current Thread [Next in Thread]