-
Notifications
You must be signed in to change notification settings - Fork 2
/
Operators.plist
98 lines (94 loc) · 4.01 KB
/
Operators.plist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
{
/* This file configures the names/passwords of the people allowed to use
* the Console program to control the system and the commands that each
* operator may use.
*
* There may be a default operator configuration specified (using an empty
* string as its name) which behaves specially.
*
* The Password field normally contains a password hash used to authenticate
* login as that operator, but may also be an empty string (allows any login
* attempt) or may be identical to the username (the user must enter their
* username as their password) or may be a hyphen (to prevent login as that
* operator).
*
* The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$')
* is preferred.
*
* The (optional) Commands value is either an array listing the commands
* that the operator can use, or the name of another operator entry which
* contains such a list of commands. The referenced operator entry defines
* a 'role' capable of executing the defined set of commands.
*
* When the password '-' is used to prevent login, the Commands setting
* of the operator may still be referenced as a role by the entries of
* other operators.
*
* The omission of the Commands entry means that the commands array is
* supplied from the default entry (if there is one).
* If there is no Commands entry for the operator, and no entry for the
* default operator (or no default operator), all commands are available,
* but otherwise any error in the config (a Commands entry which is neither
* a string nor an array, or a string which does not reference an operator
* entry with a Command array) means that no commands are available.
* An entry of the form 'Commands = ();' for the default operator is
* sufficient to disable all commands for all operators until/unless
* commands are specifically enabled for them.
*
* It is possible to log in to the Console using an operator name which is
* not explicitly configured. In that case the default operator entry is
* used as follows:
* 1. The Passord from the default entry is used to permit/refuse the login.
* 2. The Commands from the default entry is used to define the commands that
* the operator may use, and if this is not present no commands may be used.
*
* NB. There are a few special cases for commands as follows:
* The 'quit' command is always permitted for the Console itself, and
* only needs to be listed to quit client processes, Command or Control.
* The special key words for routing commands; 'connect', 'tell', and 'on'
* are not considered to be commands and therefore do not need to be
* listed in Commands arrays.
* The 'config' command needs to be listed for at least one operator in
* order to be able to change configuration. Without it, configuration
* could only be changed by killing and restarting the Control server.
*
* Just add a definition for yourself as below:
*/
richard = {
Password = hashedPasswordOrUsernameOrEmptyString;
};
/* If Password is omitted or is empty, then any password is accepted
* to allow the user to log in.
*/
guest = {
Password = "";
};
/* Where a Commands array is supplied, the operator is prevented from
* using any of the commands not listed in the array.
*/
restricted = {
Password = hashedPasswordOrUsernameOrEmptyString;
Commands = (
launch,
list,
quit,
restart,
status
);
};
/* If the entry with no name exists, it will be used to allow login for
* any username which doesn't exist in this file.
* This entry will also be used to supply a Commands array for any user
* whose own entry does not supply one.
* The format for a hashed password is that created by the mkpasswd
* program and the crypt() function. The SHA512 hash (starts '$6$')
* is preferred.
*/
"" = {
Password = hashedPasswordOrEmptyString;
Commands = (
status
);
};
}