The Abilis implements an access control system based on:
Authentication of the user in the Users table;
Creation of a virtual path in the HTTP Virtual Roots Path table;
Creation of an access right for that virtual Path in the HTTP Virtual Paths Access Rights table.
Users can access the HTTP server only if they are enabled for the HTTP service (parameter HTTP set to YES).
[16:50:04] ABILIS_CPX:d user
------------------------+-------------+----------------------------------------
USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin *** YES # # NO YES YES YES YES NO NO NO NO
guest NO # # NO NO NO NO NO NO NO NO NO
httpuser *** YES # # NO NO NO NO YES NO NO NO NO
To show the detailed user configuration parameters, type the command d user:<username>.
[16:50:06] ABILIS_CPX:d user:httpuser
Parameter: | Value:
--------------------+----------------------------------------------------------
USER: httpuser
REAL-NAME: httpuser
ID: 9 <Read Only>
PWD: ***
ACT: YES
CP-LEVEL: NO
SSH-IP-PERMIT: *
TELNET-IP-PERMIT: *
CTI-ROLE: EXTENSION
GROUP:
CTIP: #
CTIP-CDI-PERMIT: *
CLUS: #
CLUS-CDI-PERMIT: *
ADDRBOOK-SYNC: SYS
ADDRBOOK-NUMBER: AUTO
ADDRBOOK-OUTDIAL: NONE
ADDRBOOK-PRIV-MAX: SYS
ADDRBOOK-PUB-EDITABLE:SYS
IO-MAP: #
OPC-ROLE: USER
OPC-VIEW: *
OPC-HIDE-NUMBERS: NO
OPC-MONITOR: SIP
OPC-PRIVACY: NO
CHAT: NO
CHAT-USER: SYS
CHAT-PWD: SYS
HTTP: YES
HTTP-LEVEL: BASIC
HTTP-HOME-URL:
HTTP-PROT: PLAIN,SSL
-------------------------------------------------------------------------------
Tip: Interesting chapter: Section 6.9, “Users Table”.
Meaning of the parameters:
HTTP
Enable/disable HTTP for this user [NO, YES].
HTTP-LEVEL
Role of the user, which determines the degree of detail of the web interface [BASIC, ADVANCED, MANAGER, ADMINISTRATOR].
HTTP-HOME-URL
User home page URL. SYS or max 128 ASCII characters. Spaces require double quotes (e.g.: "/My url/my page.htm").
If it's empty: the homepage is the default.
When "SYS", the homepage URL is "/sys/user/sharedhome/home.html" and the "home.html" file will be loaded from PUB\HOME. But if a file named "home.html" is found in the subdirectory HOME of the HTTP working directory (e.g. C:\APP\HTTP\HOME\), this one will be loaded.
The pages that are under the virtual path "/sys/user/home/" will be loaded from the user directory C:\APP\USERS\<username>\. Example: HTTP-HOME-URL:/sys/user/home/my_home_page.html will load the file C:\APP\USERS\<username>\my_home_page.html.
When it is set to any other URL, the HTTP server will try to resolve and open it (e.g. HTTP-HOME-URL:http://ilmeteo.it/).
HTTP-PROT
HTTP protocol [PLAIN: not encrypted; SSL: encrypted]. Values can be joined using the ',' character.
The HTTP Virtual Paths Table specifies the association between virtual paths and their respective physical paths.
Virtual Paths can be added/set/displayed/cleared with the commands:
a/s/d/c http path:<virtual path> [phys-path:<physical path>]
The whole table can be shown with the following command. The table is empty by default:
[15:12:11] ABILIS_CPX:d http path
Parameter: | Value:
------------+------------------------------------------------------------------
PATH: /test/
PHYS-PATH: c:\usr\pub\test\
-------------------------------------------------------------------------------
PATH: /trfafiles/
PHYS-PATH: c:\app\trfa\
-------------------------------------------------------------------------------
Type the following command to show a specific path:
[15:12:15] ABILIS_CPX:d http path:/test/
Parameter: | Value:
------------+------------------------------------------------------------------
PATH: /test/
PHYS-PATH: c:\usr\pub\test\
-------------------------------------------------------------------------------
Meaning of the parameters:
PATH
Virtual root path. Max 32 chars. Spaces require double quotes (E.g. "/My dir/")
PHYS-PATH
Physical path. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\").
This table specifies the associations between virtual paths, users and their respective access rights.
Access rights for a specific virtual path can be added/set/displayed/cleared with the following commands.
Adds the path only.
Adds user and path.
Sets rights and other parameters for an already existent user.
Deletes an existing user; if the user is the last one the path isn't deleted.
Displays rights summary.
Displays rights for a specific path.
Displays rights which a user has on all paths; the paths for which the user isn't defined are skipped.
Tip: Access rights for a specific virtual path can be added/set/displayed/cleared specifying the path or the id: the following commands are equivalent.
[12:14:07] ABILIS_CPX:
An example of the output is shown below (by default the table contains the following entries):
[17:54:31] ABILIS_CPX:d http rights
-------------------------------------------------------------------------------
ID: PATH:
USER: FILE: DIR: RECUR: PROT:
-------------------------------------------------------------------------------
1 /sys/
admin r--- l--- YES PLAIN,SSL
-------------------------------------------------------------------------------
2 /sys/pub/
anonymous r--- ---- YES PLAIN,SSL
-------------------------------------------------------------------------------
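An audit pass over a listing like the one above, as an added example (not Abilis code): it parses the d http rights layout as it appears here and flags entries that allow PLAIN, entries for the user anonymous, and entries granting anything other than r or l. The third table entry is constructed; the parser assumes paths and user names without spaces, and treating rights other than r/l as worth review is an assumption of this example.

```python
import re

# Constructed sample: the two default entries shown above plus one made-up entry (id 3).
SAMPLE = """\
-------------------------------------------------------------------------------
ID: PATH:
USER: FILE: DIR: RECUR: PROT:
-------------------------------------------------------------------------------
1 /sys/
admin r--- l--- YES PLAIN,SSL
-------------------------------------------------------------------------------
2 /sys/pub/
anonymous r--- ---- YES PLAIN,SSL
-------------------------------------------------------------------------------
3 /test/
httpuser rw-- lc-- NO SSL
-------------------------------------------------------------------------------
"""

def parse_rights(text):
    """Yield one dict per user entry of a 'd http rights' listing."""
    path_id = path = None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0].isdigit():
            path_id, path = int(tok[0]), tok[1]          # "ID PATH" line
        elif (len(tok) == 5 and path is not None
              and re.fullmatch(r"[a-z-]{4}", tok[1])):   # skips the header line
            yield {"id": path_id, "path": path, "user": tok[0],
                   "file": tok[1], "dir": tok[2],
                   "recur": tok[3] == "YES", "prot": set(tok[4].split(","))}

def audit(entries):
    """Return (entry, finding) pairs for settings a reviewer should confirm."""
    findings = []
    for e in entries:
        where = f"{e['path']} ({e['user']})"
        if "PLAIN" in e["prot"]:
            findings.append((where, "PLAIN allowed: unencrypted access permitted"))
        if e["user"].lower() == "anonymous":
            findings.append((where, "anonymous entry: review what is exposed"))
        if set(e["file"] + e["dir"]) - set("rl-"):
            findings.append((where, "rights other than r/l granted"))
    return findings

if __name__ == "__main__":
    for where, msg in audit(parse_rights(SAMPLE)):
        print(f"{where:<24} {msg}")
```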
The rights are split into “file rights” and “directory rights” and are configured/viewed with two different parameters: FILE and DIR.
The syntax is:
FILE:[+|-R][+|-W][+|-D][+|-N] DIR:[+|-L][+|-C][+|-D][+|-N]
The + sets a granted right.
The - sets a denied right.
If + or - isn't specified, the value + is assumed, so it may be omitted.
A right that is not specified is left unchanged.
FILE and DIR values do not care about the characters' position.
FILE and DIR values are case insensitive.
The following commands are equivalent:
S HTTP RIGHTS PATH:/ USER:test FILE:+R+W+D+N
S HTTP RIGHTS PATH:/ USER:test FILE:rwdn
S HTTP RIGHTS PATH:/ USER:test FILE:NdwR
The following commands are also equivalent to each other:
S HTTP RIGHTS PATH:/ USER:test FILE:+D-N
S HTTP RIGHTS PATH:/ USER:test FILE:D-N
S HTTP RIGHTS PATH:/ USER:test FILE:-ND
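The syntax rules above, applied to the six FILE values from these commands (an added example, not Abilis code). It shows that a sign covers only the letter that follows it and that unspecified rights keep their previous state; the starting rights and the lowercase/dash rendering, modelled on the d http rights listing, are assumptions of this example.

```python
FILE_LETTERS = "RWDN"  # from the FILE: syntax line
DIR_LETTERS = "LCDN"   # from the DIR: syntax line

def apply_rights(current, spec, letters=FILE_LETTERS):
    """Apply a FILE:/DIR: value to the set of currently granted rights."""
    granted = {c.upper() for c in current}
    sign = None                      # None means "no sign seen", treated as '+'
    for ch in spec:
        if ch in "+-":
            if sign is not None:
                raise ValueError(f"two signs in a row in {spec!r}")
            sign = ch
            continue
        letter = ch.upper()          # values are case insensitive
        if letter not in letters:
            raise ValueError(f"unknown right {ch!r}, expected one of {letters}")
        if sign == "-":
            granted.discard(letter)  # denied
        else:
            granted.add(letter)      # granted, explicitly or by default
        sign = None                  # a sign covers only the letter after it
    if sign is not None:
        raise ValueError(f"dangling sign at end of {spec!r}")
    return frozenset(granted)

def render(granted, letters=FILE_LETTERS):
    """Format like the 'd http rights' listing, e.g. 'r---' (assumed layout)."""
    return "".join(l.lower() if l in granted else "-" for l in letters)

if __name__ == "__main__":
    start = {"R", "N"}               # constructed starting state
    for spec in ("+R+W+D+N", "rwdn", "NdwR", "+D-N", "D-N", "-ND"):
        print(f"FILE:{spec:<9} -> {render(apply_rights(start, spec))}")
```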