ns_perm - Add users, groups, and permissions
ns_perm adduser adds the user with the specified name and the encrypted password (encpass) and the specified user text (userfield) into the users database.
-allow and hostnames are specified, the user will be allowed on the specified hostnames.
-deny and hostnames are specified, the user will be denied on the specified hostnames. The hostname must be specified as ipaddress/netmask or dnshostname.
128.2.142.0/255.255.255.0 or www.microsoft.com or .microsoft.com.
-salt By default password is assumed encrypted with ns_crypt command and salt CU:
ns_crypt mypasswd CU
This argument tells command that password is clear text and it should be encrypted by the ns_perm command with specified salt.
-clear Tells that we keep password in clear text
ns_perm deluser deletes user from the memory
ns_perm addgroup creates a new group with the specified name that includes the users listed after the name.
ns_perm delgroup deletes group from the memory
ns_perm allowuser allows the specified user access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.
ns_perm denyuser denies the specified user access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.
ns_perm allowgroup allows the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is allowed; otherwise, URLs under that URL are allowed as well.
ns_perm denygroup denies the specified group access to the specified method and URL combination. If -noinherit is specified, only access to the exact URL is denied; otherwise, URLs under that URL are denied as well.
ns_perm checkpass checks that the specified plain-text password is correct for the specified user. A Tcl error is thrown if it does not match.
ns_perm setpass updates the specified user's password to the encrypted password encpass. The password should be encrypted using ns_encrypt.
Produce Tcl list of all current users in the format username password ....
Produce Tcl list with all registered groups in the format: groupname {user ...} ...
Produce Tcl list with all registered allow/deny statements for each url
Reloads all ns_perm files, on very busy sites there could happen authentication denies because this command clears the memory first and then loads files from the disk
ns_permpasswd updates an existing user's password, both in the running server's memory as well as in the passwd file on disk. The user is the name of the user whose password is to be updated. The oldpasswd argument is the user's old password, or the nsadmin password, in plain text. The newpasswd argument is the new password in plain text.
The following configuration options are available to control permission module:
This parameter if set to true, enables .htaccess mode, similar to what the Apache web server has but very simple and limited in functionality.
On every request the server looks for .htaccess file in the current request directory and loads it if modified since the last read. The structure of the file is simple:
allow user ... deny user ...
This parameter determines in .htaccess mode which file with users and passwords needs to be checked for modification and reloaded automatically. If .htaccess mode is not active, the parameter is ignored.
ns_section "ns/server/servername/module/nsperm" ns_param htaccess true ns_param passwdfile /usr/local/ns/modules/nsperm/passwd
ns_perm adduser test [ns_crypt testpass ""] TestUser ns_perm adduser -salt CU test2 test TestUser2 ns_perm allowuser GET /Documents test test2