About cgi.cf
|
syntax
|
- Whitespace is generally ignored, unless otherwise noted.
- boldface denotes keywords.
- [brackets] denote optional keywords.
- Separators (|) denote mutually exclusive keywords.
- Comments begin with a # symbol, and may appear
anywhere. Comments must be terminated with newlines.
<argname> : [a-zA-Z0-9\._-]+
<argvalue> : [^ \n\t][^\n]*
<name> : [a-zA-Z0-9\.+%@_-]+
<number> : [0-9]+
<path> : [^\n]*
<regex> : [^ \n\t]*
|
cgi.cf controls the behavior of the Web
Interface.
Authentication Modules
|
syntax
|
authmodule <name> {
[<argname> <argvalue>]
[...]
}
|
About Authentication Modules
Web Authentication Modules authenticate
users for the web interface. That is, they identify who a user is
(and optionally, what groups the user is in), but do not determine
what privileges the user has.
Dependencies
Authentication Module Keywords
authmodule <name>
|
Specify the name of the module to run. Web Authentication modules
are expected to be found in $MODDIR/webauth/modulename
(where $MODDIR is by default $INSTDIR/mod).
Arguments passed to the module are specified as name/value pairs,
with one pair per line. The specific arguments for each module are
described in the module's documentation. # symbols are
treated as part of the argument, not as a comment.
Multiple authmodules may be defined. When a login operation is
requested, the authmodules will be called in the order specified
until one returns an AuthOK value of
either yes or deferred.
If no authmodule is defined, CGI functions requiring privileged access
will not be available.
|
Examples
- Using the IP module, with only two
workstations as authenticatable users:
authmodule ip {
validhost reg[foo\.site\.org$]
}
authmodule ip {
validhost reg[bar\.site\.org$]
}
Note that, because only one regular expression relation can be
provided per argument, it is necessary to stack two
authmodule stanzas. It would be better to simply
use authmodule ip {} and restrict access using a
user authorization.
Authorizations
|
syntax
|
authorization {
(user | group) <regex> (admin | clipboard | rw | exec | ro | none)
[...]
}
|
About Authorizations
Authorizations determine which authenticated users have what levels
of access. Usernames and group memberships are obtained from
authentication modules and compared against
the entries defined here.
Dependencies
Authorization Keywords
authorization
|
Specify who has what level of access. The following levels of access
are defined:
- admin: Administrator (implies clipboard)
- clipboard: Clipboard (implies rw)
- rw: Read/Write (implies exec)
- exec: Execute (implies ro)
- ro: Read Only
- none: No access
During an authorization request, entries are processed from the top
of the list until the first matching line is found. If no matching
entry is found, the default authorization ro is implied.
|
Examples
- To change the default authorization to none while allowing
only the user jsmith full access:
authorization {
user jsmith admin
user .* none
}
- To grant members of the group admins and the "user"
workstation.site.org (as returned by the ip web authentication module) read/write
access:
authorization {
group admins rw
user workstation\.site\.org rw
}
Clipboards
|
syntax
|
clipemail <name>
clipphone <name>
|
About Clipboards
Clipboards permit notes to be saved
and transmitted. Clipboard configuration happens via the web
interface, however some default values may be set here.
Dependencies
Clipboard Keywords
clipemail <name>
|
The default contact email address for Clipboards.
|
clipphone <name>
|
The default contact phone number for Clipboards.
|
Examples
- Setting the default contact email address sent with the Clipboard:
clipemail nobody@nowhere.com
- Setting the default contact phone number sent with the Clipboard:
clipphone 212-555-1212
Pageset
|
syntax
|
pageset <name>
|
About Pagesets
Pagesets are collections
of source pages that can be delivered by the web interface.
The default Pageset can be defined here.
Dependencies
Pageset Keywords
pageset <path>
|
Define the default Pageset, or collection of source files to use.
If multiple Pagesets are available, this value can be overridden
by the client. The location of the Pagesets is determined by the
Source Directory.
If this keyword is omitted, en_US will be used as the default.
|
Examples
- Set the default Pageset to mypageset:
pageset mypageset
Session Timeout
|
syntax
|
authsessiontime <number>
|
About Session Timeout
The Session Timeout determines how frequently reauthentication is
required.
Dependencies
Session Timeout Keywords
authsessiontime <number>
|
Set the session timeout, to number minutes.
If this keyword is omitted, 30 will be used as the default.
|
Examples
- Set the session timeout to three hours:
authsessiontime 180
Source Directory
|
syntax
|
srcdir <path>
|
About Source Directory
The Source Directory determines where Pagesets
are delivered from.
Dependencies
Source Directory Keywords
srcdir <path>
|
Define the source file directory. Under this directory are the
Pagesets, which contain the files processed and delivered by the
web interface.
If this keyword is omitted, $INSTDIR/html/sw will be used.
|
Examples
- Change the source directory:
srcdir /www/data/sw/pagesets
State Directory
|
syntax
|
statedir <path>
|
About State Directory
The State Directory is used by the web interface to store state
information.
Dependencies
State Directory Keywords
statedir <path>
|
Set the state directory, where the web interface can write state
information. This directory must be writeable by the user the
web server runs as.
Note: The state directory specified in the configuration
directory by the statedir keyword must be created manually.
It must be owned and writeable by the user that web server runs as, or
writeable by a group that the web server is in.
survivor# mkdir $STATEDIR
survivor# chown $WWWUSER $STATEDIR
survivor# chmod 755 $STATEDIR
Note: There is no default for this directory. If this
directory is not specified, or if it does not exist, then operations
requiring state manipulation (including login) will not be available.
|
Examples
- Set the state directory:
statedir /var/survivor/cgi
$Date: 2006/11/19 16:49:46 $
$Revision: 0.5 $
|
keywords
authmodule
authorization
authsessiontime
clipemail
clipphone
pageset
srcdir
statedir
|