commands – host acl set
Set/update a host ACL.
Usage
host acl set (user|role) [(userPattern|user.name)@]hostPattern
where
| user|role | BeyondCron user or role to which the ACL applies. |
| userPattern | defining user names that apply to the host ACL. If not specified, then host ACL will match any user name. |
| user.name | matches user and/or users belonging to role. |
| hostPattern | defining host names that apply to the host ACL. If no pattern type—e.g. glob or regex—is specified, then the userPatten type will be used. |
admin on /_beyondcron/acl/hosts
Pattern
Both userPattern and hostPattern are defined as
[type:]pattern
where
| type | of pattern, where type is one of the following: | |
| glob | pattern is a glob. | |
| regex | pattern is a regular expression. | |
| In not specified, the default is glob. | ||
| pattern | to match user/host names against. | |
Metacharacters
| Symbol | Action |
|---|---|
| * | Match zero or more characters. e.g. Law* matches Law, Laws, Lawyer, etc… |
| ? | Match one character. e.g. ?at matches Cat, cat, Bat, etc… |
| […] | Match one character from a set. e.g. [CB]at matches Cat and Bat, but not cat or bat.A hyphen can be used to specify a range. e.g. server[0-9] matches server0, up to server9, but not server10 or servers. |
| [!…] | Match one character not within the set or range. e.g. [!C]at matches Bat and cat, but not Cat.A hyphen can be used specify an inverse range e.g. server[!6-9] matches servers and server1, but not server9. |
| {…} | Group match. Matches if any subpattern within the group matches. e.g. {root,js*[0-9]} matches root, jsmith0, jsmyth9, etc… |
| see glob reference for full details. |
| Symbol | Action |
|---|---|
| . | Match one character. e.g. .at matches Cat, cat, Bat, etc… |
| ? | Match zero or one characters. e.g. Cat? matches Cat or Cats. |
| * | Match zero or more characters. e.g. Law* matches Law, Laws, Lawyer, etc… |
| + | Match one or more characters. e.g. Law+ matches Laws, Lawyer, etc…, but not Law |
| \d | Match a number. e.g. Letter\d matches Letter0, up to Letter9, but not Letter10 or Letters. |
| […] | Match one character from a set. e.g. [CB]at matches Cat and Bat, but not cat or bat.A hyphen can be used to specify a range. e.g. Letter[0-9] matches Letter0, up to Letter9, but not Letter10 or Letters. |
| [^…] | Match one character not within the set. e.g. [^C]at matches Bat and cat, but not Cat.A hyphen can be used specify an inverse range e.g. server[^6-9] matches servers and server1, but not server9. |
| (…) | Group match. Matches if any subpattern within the group matches. e.g. (root|js*[0-9]) matches root, jsmith0, jsmyth9, etc… |
| {n} | Match the preceding item exactly n times. e.g. server[0-9]{2} matches server01, but not server1. |
| {min,} | Match the preceeding item min or more times. e.g. server[0-9]{2,} matches server01, and server012, but not server1. |
| {min,max} | Match the preceeding item at least min times, but not more than max times. e.g. server[0-9]{2,3} matches server01, and server012, but not server1 or server01234. |
| see regex reference for full details. |
Examples
Define a glob host acl
Allow admin role to define root jobs
BeyondCron % host acl set admin root@*
BeyondCron % host acl list admin
User/Role Pattern --------- ------- admin root@*
Define an additional host acl
Allow admin role to define root jobs on localhost. Because localhost is a protected host it must be defined explicitly.
BeyondCron % host acl set admin root@localhost
BeyondCron % host acl list admin
User/Role Pattern --------- -------------- admin root@* admin root@localhost
Define a regex host acl
Allow developer role to define www jobs one a restricted range of hosts.
BeyondCron % host acl set developer regex:www@devsvr\d{1,2}
BeyondCron % host acl list developer
User/Role Pattern --------- ----------------------- developer regex:www@devsvr\d{1,2}
Define a user.name host acl
Allow developer role users to define jobs running under their own name.
BeyondCron % host acl set developer user.name@*
BeyondCron % host acl list developer
User/Role Pattern --------- ----------------------- developer user.name@* developer regex:www@devsvr\d{1,2}