ns_perm - Add users, groups, and permissions
ns_perm implements a command set for simple password and group management for NaviServer.
Adds the user with the specified name and the encrypted password (encpass) and the specified user text (userfield) into the users database.
-allow and hostnames are specified, the user will be allowed on the specified hostnames.
-deny and hostnames are specified, the user will be denied on the specified hostnames. The hostname must be specified as ipaddress/netmask or dnshostname.
128.2.142.0/255.255.255.0 or www.microsoft.com or .microsoft.com.
-salt By default password is assumed encrypted with the ns_crypt command and salt "CU":
ns_crypt mypasswd CU
This argument tells command that password is clear text and it should be encrypted by the ns_perm command with specified salt.
-clear Tells that we keep password in clear text
Delete user from the memory.
Create a new group with the specified name that includes the users listed after the name.
Delete group from the memory.
Allow the specified user to access the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.
Deny the specified user access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.
Allow the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.
Deny the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.
Check if the specified plain-text password is correct for the specified user. A Tcl error is thrown if it does not match.
Updates the specified user's password to the encrypted password encpass. The password should be encrypted using ns_encrypt.
Produce Tcl list of all current users in the format username password ....
Produce Tcl list with all registered groups in the format: groupname {user ...} ...
Produce Tcl list with all registered allow/deny statements for each url
Reloads all nsperm files, on very busy sites there could happen authentication denies because this command clears the memory first and then loads files from the disk
Update an existing user's password, both in the running server's memory as well as in the passwd file on disk. The user is the name of the user whose password is to be updated. The oldpasswd argument is the user's old password, or the nsadmin password, in plain text. The newpasswd argument is the new password in plain text.
The following configuration options are available to control permission module:
This parameter if set to true, enables .htaccess mode, similar to what the Apache web server has but very simple and limited in functionality.
On every request the server looks for .htaccess file in the current request directory and loads it if modified since the last read. The structure of the file is simple:
allow user ... deny user ...
This parameter determines in .htaccess mode which file with users and passwords needs to be checked for modification and reloaded automatically. If .htaccess mode is not active, the parameter is ignored.
ns_section ns/server/$server/module/nsperm {
ns_param htaccess true
ns_param passwdfile /usr/local/ns/modules/nsperm/passwd
}
ns_perm adduser test [ns_crypt testpass ""] TestUser ns_perm adduser -salt CU test2 test TestUser2 ns_perm allowuser GET /Documents test test2