<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/png" sizes="16x16" href="/enigma-bbs/assets/images/favicon-16x16.png">
<link rel="icon" type="image/png" sizes="32x32" href="/enigma-bbs/assets/images/favicon-32x32.png">
<link rel="stylesheet" href="/enigma-bbs/assets/css/style.css?v=">
<!-- Begin Jekyll SEO tag v2.7.1 -->
<title>Access Condition System (ACS) | ENiGMA½ BBS Software</title>
<meta name="generator" content="Jekyll v4.2.2" />
<meta property="og:title" content="Access Condition System (ACS)" />
<meta property="og:locale" content="en_US" />
<meta name="description" content="Access Condition System (ACS) ENiGMA½ uses an Access Condition System (ACS) that is both familiar to oldschool BBS operators and has its own style. With ACS, SysOps are able to control access to various areas of the system based on various conditions such as group membership, connection type, etc. Various touch points in the system are configured to allow for acs checks. In some cases ACS is a simple boolean check while others (via ACS blocks) allow to define what conditions must be true for certain rights such as read and write (though others exist as well)." />
<meta property="og:description" content="Access Condition System (ACS) ENiGMA½ uses an Access Condition System (ACS) that is both familiar to oldschool BBS operators and has its own style. With ACS, SysOps are able to control access to various areas of the system based on various conditions such as group membership, connection type, etc. Various touch points in the system are configured to allow for acs checks. In some cases ACS is a simple boolean check while others (via ACS blocks) allow to define what conditions must be true for certain rights such as read and write (though others exist as well)." />
<meta property="og:site_name" content="ENiGMA½ BBS Software" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2023-10-15T23:34:51+00:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="Access Condition System (ACS)" />
<script type="application/ld+json">
{"datePublished":"2023-10-15T23:34:51+00:00","description":"Access Condition System (ACS) ENiGMA½ uses an Access Condition System (ACS) that is both familiar to oldschool BBS operators and has its own style. With ACS, SysOps are able to control access to various areas of the system based on various conditions such as group membership, connection type, etc. Various touch points in the system are configured to allow for acs checks. In some cases ACS is a simple boolean check while others (via ACS blocks) allow to define what conditions must be true for certain rights such as read and write (though others exist as well).","mainEntityOfPage":{"@type":"WebPage","@id":"/enigma-bbs/configuration/acs.html"},"publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"/enigma-bbs/assets/images/enigma-logo.png"}},"url":"/enigma-bbs/configuration/acs.html","@type":"BlogPosting","headline":"Access Condition System (ACS)","dateModified":"2023-10-15T23:34:51+00:00","@context":"https://schema.org"}</script>
<!-- End Jekyll SEO tag -->
</head>
<body>
<div id="container">
<div class="main_area">
<div class="container">
<section id="main_content">
<div class="page">
<h1 class="page-title">Access Condition System (ACS)</h1>
<h2 id="access-condition-system-acs">Access Condition System (ACS)</h2>
<p>ENiGMA½ uses an Access Condition System (ACS) that is both familiar to oldschool BBS operators and has its own style. With ACS, SysOps are able to control access to various areas of the system based on conditions such as group membership, connection type, etc. Various touch points in the system are configured to allow for <code class="language-plaintext highlighter-rouge">acs</code> checks. In some cases ACS is a simple boolean check, while in others (via ACS blocks) you define what conditions must be true for certain <em>rights</em> such as <code class="language-plaintext highlighter-rouge">read</code> and <code class="language-plaintext highlighter-rouge">write</code> (though others exist as well).</p>
<h2 id="group-membership">Group Membership</h2>
<p>ENiGMA½ does not utilize legacy “security levels” (see note below) but instead utilizes a group system. Users may belong to one or more groups, which can be checked by the <code class="language-plaintext highlighter-rouge">GM</code> ACS (see <a href="#acs-codes">ACS Codes</a> below). Two special groups exist out of the box:</p>
<ol>
<li>
<code class="language-plaintext highlighter-rouge">users</code>: Any regular user</li>
<li>
<code class="language-plaintext highlighter-rouge">sysops</code>: System Operators. The first user (your root, or admin) will always belong to this group.</li>
</ol>
<p>You do not need to explicitly create groups: by checking for them via ACS, and adding members to a group, they implicitly exist within the system. You may use as many groups within your system as you would like. See <a href="/enigma-bbs/admin/oputil.html#user">oputil user group</a> for information on adding users to and removing users from groups.</p>
<blockquote>
<p><img class="emoji" title=":information_source:" alt=":information_source:" src="https://github.githubassets.com/images/icons/emoji/unicode/2139.png" height="20" width="20"> Many dropfile formats require a security level. As such, the following apply: Root user or users in <code class="language-plaintext highlighter-rouge">sysops</code> group receive a security level of <code class="language-plaintext highlighter-rouge">100</code> while standard <code class="language-plaintext highlighter-rouge">users</code> receive <code class="language-plaintext highlighter-rouge">30</code>.</p>
</blockquote>
<h2 id="acs-codes">ACS Codes</h2>
<p>The following are ACS codes available as of this writing:</p>
<table>
<thead>
<tr>
<th>Code</th>
<th>Condition</th>
</tr>
</thead>
<tbody>
<tr>
<td>LC</td>
<td>Connection is local</td>
</tr>
<tr>
<td>AG<i>age</i>
</td>
<td>User's age is &gt;= <em>age</em>
</td>
</tr>
<tr>
<td>AS<i>status</i>, AS[<em>status</em>,…]</td>
<td>User's account status is <em>status</em> or one of [<em>status</em>,…]</td>
</tr>
<tr>
<td>EC<i>encoding</i>
</td>
<td>Terminal encoding is set to <em>encoding</em> where <code class="language-plaintext highlighter-rouge">0</code> is <code class="language-plaintext highlighter-rouge">CP437</code> and <code class="language-plaintext highlighter-rouge">1</code> is <code class="language-plaintext highlighter-rouge">UTF-8</code>
</td>
</tr>
<tr>
<td>GM[<em>group</em>,…]</td>
<td>User belongs to one of [<em>group</em>,…]</td>
</tr>
<tr>
<td>NN<i>node</i>, NN[<em>node</em>,…]</td>
<td>Current node is <em>node</em> or one of [<em>node</em>,…]</td>
</tr>
<tr>
<td>NP<i>posts</i>
</td>
<td>User's number of message posts is &gt;= <em>posts</em>
</td>
</tr>
<tr>
<td>NC<i>calls</i>
</td>
<td>User's number of calls is &gt;= <em>calls</em>
</td>
</tr>
<tr>
<td>SC</td>
<td>Connection is considered secure (SSL, secure WebSockets, etc.)</td>
</tr>
<tr>
<td>TH<i>height</i>
</td>
<td>Terminal height is &gt;= <em>height</em>
</td>
</tr>
<tr>
<td>TW<i>width</i>
</td>
<td>Terminal width is &gt;= <em>width</em>
</td>
</tr>
<tr>
<td>TM[<em>themeId</em>,…]</td>
<td>User's current theme ID is one of [<em>themeId</em>,…] (e.g. <code class="language-plaintext highlighter-rouge">luciano_blocktronics</code>)</td>
</tr>
<tr>
<td>TT[<em>termType</em>,…]</td>
<td>User's current terminal type is one of [<em>termType</em>,…] (<code class="language-plaintext highlighter-rouge">ANSI-BBS</code>, <code class="language-plaintext highlighter-rouge">utf8</code>, <code class="language-plaintext highlighter-rouge">xterm</code>, etc.)</td>
</tr>
<tr>
<td>ID<i>id</i>, ID[<em>id</em>,…]</td>
<td>User's ID is <em>id</em> or one of [<em>id</em>,…]</td>
</tr>
<tr>
<td>WD<i>weekDay</i>, WD[<em>weekDay</em>,…]</td>
<td>Current day of week is <em>weekDay</em> or one of [<em>weekDay</em>,…] where <code class="language-plaintext highlighter-rouge">0</code> is Sunday, <code class="language-plaintext highlighter-rouge">1</code> is Monday, and so on.</td>
</tr>
<tr>
<td>AA<i>days</i>
</td>
<td>Account is &gt;= <em>days</em> old</td>
</tr>
<tr>
<td>BU<i>bytes</i>
</td>
<td>User has uploaded &gt;= <em>bytes</em>
</td>
</tr>
<tr>
<td>UP<i>uploads</i>
</td>
<td>User has uploaded &gt;= <em>uploads</em> files</td>
</tr>
<tr>
<td>BD<i>bytes</i>
</td>
<td>User has downloaded &gt;= <em>bytes</em>
</td>
</tr>
<tr>
<td>DL<i>downloads</i>
</td>
<td>User has downloaded &gt;= <em>downloads</em> files</td>
</tr>
<tr>
<td>NR<i>ratio</i>
</td>
<td>User has upload/download count ratio &gt;= <em>ratio</em>
</td>
</tr>
<tr>
<td>KR<i>ratio</i>
</td>
<td>User has an upload/download byte ratio &gt;= <em>ratio</em>
</td>
</tr>
<tr>
<td>PC<i>ratio</i>
</td>
<td>User has a post/call ratio &gt;= <em>ratio</em>
</td>
</tr>
<tr>
<td>MM<i>minutes</i>
</td>
<td>It is currently &gt;= <em>minutes</em> past midnight (system time)</td>
</tr>
<tr>
<td>AC<i>achievementCount</i>
</td>
<td>User has &gt;= <em>achievementCount</em> achievements</td>
</tr>
<tr>
<td>AP<i>achievementPoints</i>
</td>
<td>User has &gt;= <em>achievementPoints</em> achievement points</td>
</tr>
<tr>
<td>AF<i>authFactor</i>
</td>
<td>User's current <em>Authentication Factor</em> is &gt;= <em>authFactor</em>. Authentication factor 1 refers to username + password (or PubKey) while factor 2 refers to 2FA such as One-Time-Password authentication.</td>
</tr>
<tr>
<td>AR<i>authFactorReq</i>
</td>
<td>Current user <strong>requires</strong> an Authentication Factor &gt;= <em>authFactorReq</em>
</td>
</tr>
<tr>
<td>PV[<em>name</em>,<em>value</em>]</td>
<td>Checks that the property by <em>name</em> for the current user is exactly <em>value</em>. This ACS allows arbitrary user property values to be checked. For example, <code class="language-plaintext highlighter-rouge">PV[message_conf,local]</code> checks that the user is currently in the “local” message conference.</td>
</tr>
</tbody>
</table>
<h2 id="acs-strings">ACS Strings</h2>
<p>ACS strings are one or more ACS codes in addition to some basic language semantics.</p>
<p>The following logical operators are supported:</p>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">!</code> NOT</li>
<li>
<code class="language-plaintext highlighter-rouge">|</code> OR</li>
<li>
<code class="language-plaintext highlighter-rouge">&amp;</code> AND (this is the default)</li>
</ul>
<p>ENiGMA½ also supports groupings using <code class="language-plaintext highlighter-rouge">(</code> and <code class="language-plaintext highlighter-rouge">)</code>. Lastly, some ACS codes allow for lists of acceptable values using <code class="language-plaintext highlighter-rouge">[</code> and <code class="language-plaintext highlighter-rouge">]</code> — for example, <code class="language-plaintext highlighter-rouge">GM[users,sysops]</code>.</p>
<h3 id="example-acs-strings">Example ACS Strings</h3>
<ul>
<li>
<code class="language-plaintext highlighter-rouge">NC2</code>: User must have called two or more times for the check to return true (to pass)</li>
<li>
<code class="language-plaintext highlighter-rouge">ID1</code>: User must be ID 1 (the +op)</li>
<li>
<code class="language-plaintext highlighter-rouge">GM[elite,power]</code>: User must be a member of the <code class="language-plaintext highlighter-rouge">elite</code> or <code class="language-plaintext highlighter-rouge">power</code> user group (they could be both)</li>
<li>
<code class="language-plaintext highlighter-rouge">ID1|GM[co-op]</code>: User must be ID 1 (SysOp!) or belong to the <code class="language-plaintext highlighter-rouge">co-op</code> group</li>
<li>
<code class="language-plaintext highlighter-rouge">!TH24</code>: Terminal height must NOT be &gt;= 24, i.e. it must be less than 24 rows</li>
</ul>
<h2 id="acs-blocks">ACS Blocks</h2>
<p>Some areas of the system require more than a single ACS string. In these situations an <em>ACS block</em> is used to allow for finer-grained control. As an example, consider the following file area <code class="language-plaintext highlighter-rouge">acs</code> block:</p>
<pre><code class="language-hjson">acs: {
    read: GM[users]
    write: GM[sysops,co-ops]
    download: GM[elite-users]
}
</code></pre>
<p>All <code class="language-plaintext highlighter-rouge">users</code> can read (see) the area, <code class="language-plaintext highlighter-rouge">sysops</code> and <code class="language-plaintext highlighter-rouge">co-ops</code> can write (upload), and only members of the <code class="language-plaintext highlighter-rouge">elite-users</code> group can download.</p>
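<p>The ACS string semantics and the block above can be exercised with a small evaluator. This is an added example, not ENiGMA½'s own parser: the names <code class="language-plaintext highlighter-rouge">evalAcs</code>, <code class="language-plaintext highlighter-rouge">rightsFor</code>, <code class="language-plaintext highlighter-rouge">SAMPLE_CTX</code> and the context field names are hypothetical, only six codes are implemented, and the operator precedence (NOT, then AND, then OR) is an assumption since this page does not state it. It goes beyond the listed examples by also handling grouping and implicit AND, and it denies a right whenever a rule does not parse.</p>

```javascript
'use strict';
// Added example, not ENiGMA½'s parser. Implements a handful of the codes from the
// table above; any other code, stray character or unbalanced group throws.
const CHECKS = {
    // arg is a string ("24") or, for the [a,b] list form, an array of strings
    GM: (ctx, arg) => [].concat(arg).some(g => ctx.groups.includes(g)),
    ID: (ctx, arg) => [].concat(arg).map(Number).includes(ctx.userId),
    NC: (ctx, arg) => ctx.calls >= Number(arg),
    TH: (ctx, arg) => ctx.termHeight >= Number(arg),
    AF: (ctx, arg) => ctx.authFactor >= Number(arg),
    SC: ctx => ctx.secure === true,
};

// Constructed sample user/connection context (field names are assumptions).
const SAMPLE_CTX = { userId: 2, groups: ['users', 'elite-users'], calls: 5,
                     termHeight: 25, secure: true, authFactor: 1 };

function evalAcs(acs, ctx) {
    let pos = 0;
    const peek = () => acs[pos];
    const fail = msg => { throw new Error(`${msg} at offset ${pos} in "${acs}"`); };

    function atom() {
        if (peek() === '(') {
            pos++;
            const v = orExpr();
            if (peek() !== ')') fail('expected ")"');
            pos++;
            return v;
        }
        const m = /^([A-Z]{2})(?:\[([^\]]*)\]|(\d+(?:\.\d+)?))?/.exec(acs.slice(pos));
        if (!m || !CHECKS[m[1]]) fail('unknown or unsupported ACS code');
        pos += m[0].length;
        const arg = m[2] !== undefined ? m[2].split(',') : m[3];
        return CHECKS[m[1]](ctx, arg);
    }
    const notExpr = () => (peek() === '!' ? (pos++, !notExpr()) : atom());
    function andExpr() {
        let v = notExpr();
        // '&' is optional: adjacent terms are ANDed, matching "AND (this is the default)"
        while (pos < acs.length && peek() !== '|' && peek() !== ')') {
            if (peek() === '&') pos++;
            const r = notExpr(); // always parse the right side, then combine
            v = v && r;
        }
        return v;
    }
    function orExpr() {
        let v = andExpr();
        while (peek() === '|') { pos++; const r = andExpr(); v = v || r; }
        return v;
    }
    const result = orExpr();
    if (pos !== acs.length) fail('unexpected input');
    return result;
}

// Resolve each right of an ACS block. A rule that fails to parse denies the right.
function rightsFor(block, ctx) {
    const out = {};
    for (const [right, acs] of Object.entries(block)) {
        try { out[right] = evalAcs(String(acs), ctx); } catch (e) { out[right] = false; }
    }
    return out;
}
```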
<h2 id="acs-touch-points">ACS Touch Points</h2>
<p>The following touch points exist in the system. Many more are planned:</p>
<ul>
<li><a href="/enigma-bbs/messageareas/configuring-a-message-area.html">Message conferences and areas</a></li>
<li>
<a href="/enigma-bbs/filebase/first-file-area.html">File base areas</a> and <a href="/enigma-bbs/filebase/uploads.html">Uploads</a>
</li>
<li>Menus within <a href="/enigma-bbs/configuration/menu-hjson.html">Menu HJSON (menu.hjson)</a>
</li>
</ul>
<p>See each area's documentation for information on the ACS checks it supports.</p>
</div>
</section>
</div>
</div>
</div>
</body>
</html>