access_control

Differences

This shows you the differences between two versions of the page.

access_control [2016/03/22 11:50] g00r00
access_control [2024/03/03 03:20] (current) – [ACS Function Reference] added O5 ACS avon
Line 3: Line 3:
 Access Control Strings (or ACS) are found all over Mystic BBS and are used to control the who, what, and when of security access to various parts of your BBS.  Every menu, menu command, any many other functions in the BBS have an associated ACS definition which the SysOp can use to create and apply find-grained access control to all elements of the BBS. Access Control Strings (or ACS) are found all over Mystic BBS and are used to control the who, what, and when of security access to various parts of your BBS.  Every menu, menu command, any many other functions in the BBS have an associated ACS definition which the SysOp can use to create and apply find-grained access control to all elements of the BBS.
  
-The ACS system is designed to allow for the most intricate security controls without requiring programming, and consists comprised of a series of "functions" that either result in being True or False.  At the end, if all functions in an ACS are True, that means the user has access.+The ACS system is designed to allow for the most intricate security controls without requiring programming, and is comprised of a series of "functions" that either result in being True or False.  At the end, if all functions in an ACS are True, that means the user has access.
  
 Each ACS function is nothing more than a single character, most often followed by a parameter afterwards that supplements the function.  The most basic example of this would probably be an ACS of "s20" An ACS of "s20" uses the function "S" which means security level, followed by 20, which defines is parameter.  The result of this ACS is that the user must have a security level of 20 or higher to have access. Each ACS function is nothing more than a single character, most often followed by a parameter afterwards that supplements the function.  The most basic example of this would probably be an ACS of "s20" An ACS of "s20" uses the function "S" which means security level, followed by 20, which defines is parameter.  The result of this ACS is that the user must have a security level of 20 or higher to have access.
  
-In addition to this basic function and parameter system, ACS can use parenthesis to force an order of evaluation, and also has the typical Boolean operators AND OR NOT that can be used along with them.  Let's look at one example of a more complex ACS before we move on:+In addition to this basic function and parameter system, ACS can use parenthesis to force an order of evaluation, and also offers the typical Boolean operators AND OR NOT.  Let's look at one example of a more complex ACS before we move on:
  
      (s20!s21|s255)|u10|(h22!h23)      (s20!s21|s255)|u10|(h22!h23)
-     +
 The above ACS says that the user must have ANY one of the following things to have access: The above ACS says that the user must have ANY one of the following things to have access:
  
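Review bot: The rewritten sentence beginning "The ACS system is designed" still ends with "if all functions in an ACS are True, that means the user has access", which only holds for strings without "|"; the example that follows, (s20!s21|s255)|u10|(h22!h23), is described as granting access when ANY one of its groups matches. Suggest wording such as "if the ACS as a whole evaluates to True". The unchanged lines around the edit also still carry "any many other functions", "find-grained", "which defines is parameter", a missing period after the first "s20", and "parenthesis" where the plural is meant.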
Line 27: Line 27:
 </code> </code>
  
-Now that we've had a little introduction to the ACS lets look at a reference of the ACS functions and their parameters:     +For most System Operators just basic ACS functions will be used, so its typically not nearly as complex as the example shown above.  Generally speaking, the security level and group ACS commands are used to build the access requirements of their BBS, meaning that a typical ACS might be "s20" or "s20g1"
 +===== ACS Function Reference ===== 
  
           Ax  -  This command is used to check the user's age.  Where X is           Ax  -  This command is used to check the user's age.  Where X is
                  the age the user must be in order to pass.                  the age the user must be in order to pass.
  
-          Dx   - This command is used to check if a user has a certain flag+          Dx   This command is used to check if a user has a certain flag
                  toggled ON in their SECOND set of flags.  Where X is the                  toggled ON in their SECOND set of flags.  Where X is the
                  flag which the user must have in order to pass.  For                  flag which the user must have in order to pass.  For
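Review bot: The Dx entry loses its " - " separator in this revision ("Dx   This command is used to check..."), while the Ax entry just above it keeps "Ax  -  "; restore the dash so the reference list stays uniform. In the new introductory paragraph, "so its typically" should be "so it's typically", and the last sentence stops at "s20g1" without a closing period.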
Line 40: Line 42:
           Ex  -  This command is used to check the user's current graphics           Ex  -  This command is used to check the user's current graphics
                  mode.  Where X is one of the following:                  mode.  Where X is one of the following:
- +      
-                      1 - User must have ANSI graphics +                    1 - User must have ANSI graphics 
-                      0 - User must have ASCII (none) graphics.+                    0 - User must have ASCII (none) graphics
  
           Fx  -  This command is used to check if a user has a certain flag           Fx  -  This command is used to check if a user has a certain flag
Line 60: Line 62:
                  after).  For example: H12 will prevent the user from                  after).  For example: H12 will prevent the user from
                  accessing this command before 12 noon on any given day.                  accessing this command before 12 noon on any given day.
 +
 +          Mx  -  This command is used to check if a user is access a
 +                 command at a certain minute.  Where X is the minute in
 +                 the 00-59 range.  For example: M15 means that it must
 +                 be quarter past the hour or later.
  
           Nx  -  This command is used to check if a user is online a           Nx  -  This command is used to check if a user is online a
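Review bot: The new Mx entry does not say how it combines with Hx. If Mx tests the minute of the current hour on its own, as "M15 means that it must be quarter past the hour or later" suggests, a string combining H12 and M15 would fail at five past one and so cannot express "after 12:15"; one sentence stating this would keep sysops from building time windows that silently deny access. Also, "check if a user is access a command" should read "is accessing a command".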
Line 67: Line 74:
  
           OA  -  This command is used to check the status of the user's           OA  -  This command is used to check the status of the user's
-                 node message availibility.  If the user is able to+                 node message availability.  If the user is able to
                  receive node messages, OA will return true.  False if                  receive node messages, OA will return true.  False if
                  they are not available.                  they are not available.
 +
 +          OC  -  This command is used to check if it is the user's first
 +                 call into the BBS.  OC will return true if it is the
 +                 first call.
 +
 +          OF  -  This command returns TRUE if its the user's first call today
  
           OI  -  This command is used to check if a user's node status           OI  -  This command is used to check if a user's node status
                  is invisible to other nodes.  It will be set TRUE if                  is invisible to other nodes.  It will be set TRUE if
                  the user is invisible, false if not.                  the user is invisible, false if not.
 +
 +          OF  -  This command is used to check if its the user's first
 +                 connection of the day today.  It will be set TRUE if
 +                 the current connection is their first of the day.
  
           OK  -  This command is used to check the result of the last           OK  -  This command is used to check the result of the last
                  called Boolean menu command.  For more information, see                  called Boolean menu command.  For more information, see
                  the menu commands: -P, -Y, and -N.                  the menu commands: -P, -Y, and -N.
 +
 +          OM  -  This command is used to check if the user has System
 +                 Operator access to the current message base, or is
 +                 the owner of the current message when reading messages
 +                 in the Message bases (and therefore has Sysop-equivalent
 +                 access to just that message)
 +
 +          ON  -  This command is True if the last message new scan had
 +                 new messages read by the user.
  
           OP  -  This command is used to check the status of the user's           OP  -  This command is used to check the status of the user's
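Review bot: OF is documented twice in this hunk, once after OC ("returns TRUE if its the user's first call today") and again after OI ("first connection of the day today"); keep a single entry, placed alphabetically between OC and OI. In the text that is kept, "its" should be "it's", "of the day today" is redundant, and the one-line OF entry and the OM entry lack a closing period.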
Line 84: Line 110:
                  false.  This option is useful to restrict users from                  false.  This option is useful to restrict users from
                  downloading if they're not active message posters.                  downloading if they're not active message posters.
 +
 +          OS  -  This command is true when the user is connected via a
 +                 securely encrypted connection to the BBS, such as SSH.
 +
 +          OV  -  This command returns True if the user has validated their
 +                 e-mail address
 +
 +          OY  -  This command returns True if the last new message scan had
 +                 new personal messages from the user.
 +
 +          O1  -  This command returns True if the user posted during this call
 +
 +          O2  -  This command returns True if user sent local e-mail during this call
 +
 +          O3  -  This command returns True if user uploaded a file during this call
 +
 +          O4  -  This command returns True if the user downloaded during this call
 +
 +          O5  -  This command returns True if user opened a door during this call
  
           Sx  -  This command is used to check if a user meets a certain           Sx  -  This command is used to check if a user meets a certain
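Review bot: The OY entry says the scan had "new personal messages from the user", which reads as messages the user sent; if it means messages addressed to the user, write "to the user". OS names SSH only as an example ("such as SSH"); listing the connection types that count as encrypted would let a sysop rely on OS when gating sensitive menus. O2, O3 and O5 drop the article ("if user ...") that O1 and O4 have, the capitalisation of "true"/"True" varies between entries, and most of the new entries lack a final period.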
Line 101: Line 146:
                  permanent index is listed in the user editor, and no two                  permanent index is listed in the user editor, and no two
                  users will ever have the same permanent index number.                  users will ever have the same permanent index number.
 +
 +          Wx  -  This command is used to check the day of the week, where X
 +                 is the day number (0 being Sunday and 6 being Saturday)
 +
 +          X#  -  This command is used to check the columns of a user's terminal
 +                 size, where # is the number of columns.  IE x132 returns TRUE
 +                 if the user has a terminal size of 132 columns or higher.
  
           Zx  -  This command is used to check if a user is in a certain           Zx  -  This command is used to check if a user is in a certain
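Review bot: The Wx entry does not say whether the day number must match exactly or acts as a minimum, whereas X# right below it spells out "132 columns or higher"; state which it is, since a sysop reading the two entries together could assume W1 also passes on days 2 to 6. X# also uses "#" as the parameter placeholder where the entries around it use "x" (Wx, Zx), and "IE x132" should be "e.g. X132".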
Line 108: Line 160:
                  check.                  check.
  
-     Any of the above commands can be used together to create an ACS string +===== Examples ===== 
-     used by Mystic BBS.  Below are some examples of how they can be used:+ 
 +Any of the above commands can be used together to create an ACS string used by Mystic BBS.  Below are some examples of how they can be used:
  
           s255     - User must have security of 255 or higher.           s255     - User must have security of 255 or higher.
Line 120: Line 173:
                      ACS string.                      ACS string.
  
-     For added flexibility, Mystic also supports five logical operators +For added flexibility, Mystic also supports five logical operators which can be used in ACS:
-     which can be used in ACS strings:+
  
           & = Logical AND           & = Logical AND
Line 129: Line 181:
           % = Always FALSE           % = Always FALSE
  
-     In addition to the operators, Mystic BBS also allows parenthesis in ACS +In addition to the operators, Mystic BBS also allows parenthesis in ACS strings to allow evaluation of grouped ACS commands.  Some examples of using operators and grouping are:
-     strings to allow evaluation of grouped ACS commands.  Some examples of +
-     using operators and grouping are:+
  
           ^               Always returns TRUE.  Grants access to ALL users.           ^               Always returns TRUE.  Grants access to ALL users.
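Review bot: The re-flowed sentence keeps "allows parenthesis in ACS strings"; the plural "parentheses" is meant. Since the first example under it is "^", described as "Grants access to ALL users", a short remark beside it that "^" should not be left on a command meant to be restricted would be worth adding while this paragraph is being edited.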
Line 146: Line 196:
                           higher.                           higher.
  
-     As you can see, the access command system gives Mystic BBS an 
-     incredible amount of flexibility when it comes to system security! 
access_control.1458665438.txt.gz · Last modified: 2016/03/22 11:50 by g00r00
