(New in rush 102.40f and up)
Permit users to access certain rush functions.
The syntax of the 'permit' command is as follows:

permit
{
    functionlist:
    {
        userlist
    }
    functionlist:
    {
        userlist
    }
}

Comments can be interspersed within the 'permit' command, and
must be delimited with '#'.
To permit users to only online/offline/getoff their own machines,
or a specific list of machines, see below for examples of how to do this.
'userlist' is a list of users who will be granted access to the
functions in the preceding 'functionlist' described below.
User names can be separated by commas (,), spaces ( ), or can
appear on separate lines, or any combination of commas, spaces
and lines. '*' is special in that it matches 'all users'.
No verification is done to check if user names are actually valid,
so it's not an error to specify nonexistent users. The rush debugging
flag 'F' can be used to debug 'permit' settings, e.g. 'rush -d F -ping |& grep permit:'.
'functionlist' is a comma or space separated list of function names
from the table below, which specifies the functions that will be
granted to the users in 'userlist'. 'functionlist' can contain any of:

Permit Functions

everything    /All/ operations in this table, including administrative
              commands, e.g. rush -push, rush -dexit, rush -rotate..

online        Lets users use the 'rush -online' command,
              or the same function in onrush(1)

offline       Lets users use the 'rush -offline' command,
              or the same function in onrush(1)

getoff        Lets users use the 'rush -getoff' command,
              or the same function in onrush(1)

kill          Lets users use the 'k' kill priority (e.g. +any=100k)
              (This setting can be overridden by 'disablepflags k')

almighty      Lets users use the 'a' almighty priority (e.g. +any=100a)
              (This setting can be overridden by 'disablepflags a')

Permit Examples

Default Permissions: The default rush permissions.

# Example. The default permit behavior:
#    1. 'root' and 'administrator' can do /everything/
#    2. everyone else can do only normal user stuff (not admin commands)
#
permit
{
    everything:
    {
        root             # unix 'root' user
        administrator    # windows 'administrator' user
    }
    online,offline,getoff,kill,almighty:
    {
        *                # allow everyone to do these functions
    }
}

Wide Open Permissions: Let everyone do everything.

permit
{
    everything:
    {
        *                # everyone can do admin functions (everything)
    }
}

Specific User Permissions: Allow certain users to have specific permissions.

# Example. Configure specific user permissions:
#    1) 'root' and 'administrator' can do /everything/
#    2) 'fred' and 'fez' can online/offline
#    3) 'jack' 'jane' and 'fred' can use kill/almighty priorities
#    4) 'bill' and 'ted' can use online/offline/getoff/kill
#
permit
{
    everything:
    {
        root,administrator    # root,administrator can do everything
    }
    online,offline:
    {
        fred,fez              # fred,fez can online and offline machines
    }
    kill,almighty:
    {
        jack,jane,fred        # jack,jane and fred can use k/a priority
    }
    online,offline,getoff,kill:
    {
        bill,ted              # bill and ted can online/offline/getoff
                              # and use 'k' priority
    }
}

Real World Example

permit
{
    everything:
    {
        root,administrator
    }
    online,offline:
    {
        *
    }
    getoff:
    {
        # Only production TDs can getoff. *ahem*
        # "FIFTH"
        fifth,jendy,rinbow,mia,kang,ty,karl,markip,ochere,bchavez,jge
        klovance,amby,kweith,ezimmerman,jhl,jinx,benbower,kholzman,
        pshino,klm,ronan,bmittle,kenbergman,jw
        # "HONDA"
        honda,zaustin,justinp,avio,mia,bks,mdavis,adamk,gutzin,rga
        jmilburn,jenn,aglass,orink,kcb,ronan,kglass,andrew
        # PRODUCERS
        lisa,bonk,wandas,dan
        # RENDER WATCHERS
        dannyb,nick,hellerman,donovan
    }
    kill,almighty:
    {
        # PRODUCERS
        lisa,bonk,wandas,dan
        # DATA I/O
        catlin,dman
    }
    # USERS WHO CAN USE ONLINE/OFFLINE/GETOFF ON THEIR OWN MACHINES ONLY
    #     Note use of new 'host=<hostname>' to limit commands to run
    #     only on the machines specified.
    #
    online,offline,getoff:
    {
        host=hollywood fred                        # fred can control host hollywood
        host=fenway    jenna                       # jenna can control host fenway
        host=oaklawn   bks,fred                    # bks and fred can control host oaklawn
        host=+farm     dannyb,nick,hellerman,donovan  # render watchers can control farm hosts
    }
}

Permitting Users To Only Control Their Own Hosts
The 'host=' and 'os=' prefixes (described in the rush.conf file format description)
can be used to cause lines to be executed only on specific hosts.
Example. This shows how to configure 'permit' to allow users
to online/offline/getoff certain machines:

Permit Workstation Online/Offline: Allow users to online/offline their own workstations.

permit
{
    [..]
    online,offline,getoff:
    {
        host=tahoe   erco,jack    # erco and jack can control host tahoe
        host=ontario reid         # reid can control host ontario
        host=+farm   erco         # erco can control all hosts in the +farm host group
    }
}

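
An added lint sketch (not part of Rush or its documentation) that parses the 'permit' syntax shown on this page and reports two things the text calls out: '*' holding 'everything', and user names that Rush itself does not verify. The function names, the known-user set and the sample are assumptions; the parser follows only the syntax shown here, and rejecting a function list that lacks its ':' is this example's own choice.

```python
import re

def parse_permit(text):
    """Parse a 'permit' block into (functions, scope, users) grants."""
    grants, funcs, depth = [], (), 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line or (line == "permit" and depth == 0):
            continue
        if line in ("{", "}"):
            depth += 1 if line == "{" else -1
        elif depth == 1 and line.endswith(":"):      # 'functionlist:' header
            funcs = tuple(f for f in re.split(r"[,\s]+", line[:-1]) if f)
        elif depth == 2:                             # one 'userlist' line
            m = re.match(r"((?:host|os)=\S+)\s+(.+)", line)
            scope, names = m.groups() if m else ("any host", line)
            users = tuple(u for u in re.split(r"[,\s]+", names) if u)
            grants.append((funcs, scope, users))
        else:                                        # e.g. header missing ':'
            raise ValueError(f"unexpected line in permit block: {raw!r}")
    return grants

def audit(grants, known_users):
    """Flag '*' holding 'everything' and names missing from known_users."""
    findings = []
    for funcs, scope, users in grants:
        for user in users:
            if user == "*" and "everything" in funcs:
                findings.append("'*' is granted 'everything'")
            elif user != "*" and user not in known_users:
                findings.append(f"unknown user '{user}' in {','.join(funcs)} ({scope})")
    return findings

# Constructed sample: '*' under 'everything' and 'fredd' (typo) are deliberate.
SAMPLE = """
permit
{
    everything:
    {
        root, administrator, *   # '*' left over from testing
    }
    online,offline,getoff:
    {
        host=tahoe erco,jack     # erco and jack can control host tahoe
        host=+farm fredd
    }
}
"""
print("\n".join(audit(parse_permit(SAMPLE), {"root", "administrator", "erco", "jack"})))
```
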