NaviServer - programmable web server
4.99  5.0

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_perm(n) 5.0.0a nsperm "NaviServer Built-in Commands"

Name

ns_perm - Add users, groups, and permissions

Table Of Contents

Synopsis

Description

ns_perm implements a command set for simple password and group management for NaviServer.

COMMANDS

ns_perm adduser ?-allow? ?-deny? ?-clear? ?-salt value? ?--? name encpass userfield ?host ...?

Adds the user with the specified name and the encrypted password encpass and the specified user text (userfield) into the users database.

-allow and hostnames are specified, the user will be allowed on the specified hostnames.

-deny and hostnames are specified, the user will be denied on the specified hostnames. The hostname must be specified as ipaddress/netmask or dnshostname.

 128.2.142.0/255.255.255.0 or www.microsoft.com or .microsoft.com.

-salt By default password is assumed encrypted with the ns_crypt command and salt "CU":

 ns_crypt mypasswd CU

This argument tells command that password is clear text and it should be encrypted by the ns_perm command with specified salt.

-clear Tells that we keep password in clear text

ns_perm deluser name

Delete user from the memory.

ns_perm addgroup group user ?user ...?

Create a new group with the specified name that includes the users listed after the group name.

ns_perm delgroup name

Deletes group from the memory.

ns_perm allowuser ?-noinherit? ?--? method url user ...

Allow the specified user to access the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.

ns_perm denyuser ?-noinherit? ?--? method url user ...

Deny the specified user access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.

ns_perm allowgroup ?-noinherit? ?--? method url group ...

Allow the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.

ns_perm denygroup ?-noinherit? ?--? method url group ...

Deny the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.

ns_perm checkpass user passwd

Checks if the specified plain-text password is correct for the specified user. A Tcl error is thrown if it does not match.

ns_perm setpass user encpass ?salt?

Updates the specified user's password to the encrypted password encpass and the optional provided salt. The password should be encrypted using ns_encrypt.

ns_perm listusers

Returns a Tcl list of all current users in the format username password ....

ns_perm listgroups

Returns a Tcl list with all registered groups in the format: groupname {user ...} ...

ns_perm listperms

Returns a Tcl list with all registered allow/deny statements for each URL.

ns_permreload

Reloads all nsperm files, on very busy sites there could happen authentication denies because this command clears the memory first and then loads files from the disk

ns_permpasswd user oldpasswd newpasswd

Updates an existing user's password, both in the running server's memory as well as in the passwd file on disk. The user is the name of the user whose password is to be updated. The oldpasswd argument is the user's old password, or the nsadmin password, in plain text. The newpasswd argument is the new password in plain text.

CONFIGURATION

The following configuration options are available to control permission module:

htaccess

This parameter if set to true, enables .htaccess mode, similar to what the Apache web server has but very simple and limited in functionality.

On every request the server looks for .htaccess file in the current request directory and loads it if modified since the last read. The structure of the file is simple:

 allow user ...
 deny user ...
passwdfile

This parameter determines in .htaccess mode which file with users and passwords needs to be checked for modification and reloaded automatically. If .htaccess mode is not active, the parameter is ignored.

 ns_section ns/server/$server/module/nsperm {
   ns_param htaccess   true
   ns_param passwdfile /usr/local/ns/modules/nsperm/passwd
 }

EXAMPLES

 ns_perm adduser test [ns_crypt testpass ""] TestUser
 ns_perm adduser -salt CU test2 test TestUser2
 
 ns_perm allowuser GET /Documents test test2

See Also

ns_crypt, nsd

Keywords

NaviServer, nsperm, server built-in