
NAME

PlugAuth::Plugin::FlatAuthz - Authorization using flat files for PlugAuth

VERSION

version 0.34

SYNOPSIS

In your /etc/PlugAuth.conf

 ---
 url: http://localhost:1234
 group_file: /etc/plugauth/group.txt
 resource_file: /etc/plugauth/resource.txt
 host_file: /etc/plugauth/host.txt

touch the storage files:

 % touch /etc/plugauth/group.txt \
         /etc/plugauth/resource.txt \
         /etc/plugauth/host.txt

Start PlugAuth:

 % plugauth start

DESCRIPTION

This is the default Authorization plugin for PlugAuth. It is designed to work closely with PlugAuth::Plugin::FlatAuth which is the default Authentication plugin.

This plugin provides storage for groups, hosts and access control for PlugAuth. In addition it provides a mechanism for PlugAuth to alter the group, host and access control databases.

CONFIGURATION

group_file

The group file looks similar to a standard UNIX /etc/group file. Entries can be changed either with your favorite editor or with PlugAuth::Client. In this example there is a group named both, to which both bob and alice belong:

 both: alice, bob

Group members can be specified using a glob (see Text::Glob), which is matched against the set of all users:

 all: *

Each user automatically gets his own group, so if there are users named bob and alice, this is unnecessary:

 alice: alice
 bob: bob

resource_file

Each line of resource.txt has a resource, an action (in parentheses), and then a list of users or groups. The line grants permission for those users or groups to perform that action on that resource:

 /house/door (enter) : alice, bob
 /house/backdoor (enter) : both
 /house/window (break) : alice
 /house (GET) : bob

host_file

The host file /etc/pluginauth/host.txt looks like this:

 192.168.1.99:trusted
 192.168.1.100:trusted

The IP addresses (on the left) represent hosts from which authorization should succeed; the tag after the colon (here trusted) is what host_has_tag checks.

METHODS

PlugAuth::Plugin::FlatAuthz->refresh

Refresh the data (checks the files, and re-reads if necessary).

PlugAuth::Plugin::FlatAuthz->can_user_action_resource( $user, $action, $resource )

If $user can perform $action on $resource, return a string containing the group and resource that permits this. Otherwise, return false.
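As an added example (not the module's own code), the following Python re-implements the lookup documented for the group and resource files above and for can_user_action_resource, over constructed sample files. The exact-match resource lookup, fnmatch standing in for Text::Glob, the assumed user list and the 'group:resource' return format are assumptions, not documented behaviour of the module.

```python
import fnmatch
import re

# Constructed sample files in the formats documented above.
GROUP_TXT = "both: alice, bob\nall: *\n"
RESOURCE_TXT = ("/house/door (enter) : alice, bob\n"
                "/house/backdoor (enter) : both\n"
                "/house/window (break) : alice\n"
                "/house (GET) : bob\n")
# Known users are assumed to come from the FlatAuth user file.
USERS = ["alice", "bob", "carol"]

RESOURCE_LINE = re.compile(r"^(\S+)\s*\((\w+)\)\s*:\s*(.*)$")

def parse_groups(text, users):
    """Return {group: set(members)}. Members may be globs matched against
    all users (fnmatch stands in for Text::Glob here), and every user also
    gets an implicit group named after themselves."""
    groups = {u: {u} for u in users}
    for line in text.splitlines():
        name, sep, members = line.partition(":")
        if not sep or not name.strip():
            continue
        pats = [p.strip() for p in members.split(",") if p.strip()]
        groups[name.strip()] = {u for u in users for p in pats
                                if fnmatch.fnmatchcase(u, p)}
    return groups

def parse_resources(text):
    """Return {(resource, action): [group_or_user, ...]} from resource.txt."""
    grants = {}
    for line in text.splitlines():
        m = RESOURCE_LINE.match(line.strip())
        if m:
            res, action, who = m.groups()
            grants.setdefault((res, action), []).extend(
                w.strip() for w in who.split(",") if w.strip())
    return grants

def can_user_action_resource(user, action, resource, groups, grants):
    """Exact-match lookup (assumed; no resource hierarchy is inferred).
    Returns 'group:resource' (constructed format) for the first grant that
    admits the user, or False when nothing does."""
    for group in grants.get((resource, action), []):
        if user in groups.get(group, set()):
            return f"{group}:{resource}"
    return False
```

Note that a user listed directly on a resource line is admitted through the implicit group that carries their own name, which is why the user list and the group list share one lookup.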

PlugAuth::Plugin::FlatAuthz->match_resources( $regex )

Given a regex, return all resources that match that regex.

PlugAuth::Plugin::FlatAuthz->host_has_tag( $host, $tag )

Returns true if the given host has the given tag.

PlugAuth::Plugin::FlatAuthz->actions

Returns a list of actions.

PlugAuth::Plugin::FlatAuthz->groups_for_user( $user )

Returns the groups the given user belongs to as a list ref. Returns undef if the user does not exist.

PlugAuth::Plugin::FlatAuthz->all_groups

Returns a list of all groups.

PlugAuth::Plugin::FlatAuthz->users_in_group( $group )

Return the list of users (as an array ref) that belong to the given group. Each user belongs to a special group that is the same as their user name and just contains themselves, and this will be included in the list.

Returns undef if the group does not exist.

PlugAuth::Plugin::FlatAuthz->create_group( $group, $users )

Create a new group with the given users. $users is a comma separated list of user names.

PlugAuth::Plugin::FlatAuthz->delete_group( $group )

Delete the given group.

PlugAuth::Plugin::FlatAuthz->update_group( $group, $users )

Update the given group, setting the set of users that belong to that group. The existing group membership will be replaced with the new one. $users is a comma separated list of user names.

PlugAuth::Plugin::FlatAuthz->add_user_to_group( $group, $user )

Add the given user to the given group.

PlugAuth::Plugin::FlatAuthz->remove_user_from_group( $group, $user )

Remove the given user from the given group.

PlugAuth::Plugin::FlatAuthz->grant( $group, $action, $resource )

Grant the given group or user ($group) the authorization to perform the given action ($action) on the given resource ($resource).

PlugAuth::Plugin::FlatAuthz->revoke( $group, $action, $resource )

Revoke from the given group or user ($group) the authorization to perform the given action ($action) on the given resource ($resource).

$plugin->granted

Returns a list of granted permissions.

SEE ALSO

PlugAuth, PlugAuth::Plugin::FlatAuth

AUTHOR

Graham Ollis <gollis@sesda3.com>

COPYRIGHT AND LICENSE

This software is copyright (c) 2012 by NASA GSFC.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.