From 0905d27d22352443569b5a48fdeb4e5df98e249e Mon Sep 17 00:00:00 2001 From: Nolan Darilek Date: Thu, 17 Nov 2016 06:50:00 -0600 Subject: [PATCH] Create necessary ACL rule for logged-in users to have all access, and lock down public access (closes #3.) --- .sandstorm/changelog.md | 4 ++++ .sandstorm/launcher.sh | 2 ++ acl.auth.php | 22 ++++++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 acl.auth.php diff --git a/.sandstorm/changelog.md b/.sandstorm/changelog.md index 3773bd3..62c58c5 100644 --- a/.sandstorm/changelog.md +++ b/.sandstorm/changelog.md @@ -1,3 +1,7 @@ +# 2016-06-26a-sandstorm5 (2016-11-17) + + * Create default @user ACL rule + # V2016-06-26a-sandstorm4 (2016-10-14) * Refactor to service-config style for easier development diff --git a/.sandstorm/launcher.sh b/.sandstorm/launcher.sh index 4c14e82..9bab50f 100644 --- a/.sandstorm/launcher.sh +++ b/.sandstorm/launcher.sh @@ -43,5 +43,7 @@ fi cd /var/lib/dokuwiki grep -Ev '^($|#)' /opt/app/dokuwiki/data.orig/deleted.files | xargs -n 1 rm -vrf +cp /opt/app/acl.auth.php /var/lib/dokuwiki/conf + # Start nginx. /usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;" diff --git a/acl.auth.php b/acl.auth.php new file mode 100644 index 0000000..9dff0d2 --- /dev/null +++ b/acl.auth.php @@ -0,0 +1,22 @@ +# acl.auth.php +# +# Don't modify the lines above +# +# Access Control Lists +# +# Editing this file by hand shouldn't be necessary. Use the ACL +# Manager interface instead. +# +# If your auth backend allows special char like spaces in groups +# or user names you need to urlencode them (only chars <128, leave +# UTF-8 multibyte chars as is) +# +# none 0 +# read 1 +# edit 2 +# create 4 +# upload 8 +# delete 16 + +* @ALL 1 +* @user 16