- NeoWebServerConf key value
- NeoWebDirConf key value
Per-server and Per-directory configuration of the Tcl interpreter. Each
command sets a variable of the same name within the trusted interpreter.
Available via mod_neoscript.c.
See Variables for more information.
- NeoWebUserConf key value
Per-directory configuration of the Tcl slave interpreter via .htaccess. The
global Tcl array NeoWebUserConf is set according to .htaccess files
found by the server. NeoWebUserConf is the only configuration under user
control (it may also be set in a per-directory configuration within
access.conf). This can be used to customize
or modify behaviors of general purpose tcl code called within documents.
Standard merging rules are followed. Note that unlike the other configuration
commands which set Tcl array variables, the NeoWebUserConf array is
set only in the slave (user's) interpreter. If the trusted interpreter
wants to know about it, it must interrogate the slave.
Available via mod_neoscript.c.
- TclAuthBasic procname arg1 arg2 ...
- TclAuthAccess procname arg1 arg2 ...
These directives may be used in access.conf or .htaccess files to
define a Tcl procedure to be used for authenticating users. Any number of
arguments may be specified for the Tcl procedures. The TclAuthBasic
proc call is assembled by appending the user name to end of the list of
arguments. The proc must return a DES-encrypted string which will be compared
with the string entered by the user. If a user is not found in your database,
return an empty string. Available via mod_auth_tcl.c.
Two additional arguments are likewise appended to the given
TclAuthAccess proc and args for each Require directive
given within a <Limit> directive. The procedure is then
called. The return value should be one of "OK", "AUTH_REQUIRED", or
an empty string. OK accepts the user as valid. AUTH_REQUIRED
will deny access. Any other return value will mean to continue checking
(possibly) additional Require directives in turn. If the list
is exhausted without an "OK", the result is a failure to authenticate
access.
Examples of TclAuthBasic and TclAuthAccess can be
found in common.tcl in the server configuration directory.
The example postgres_auth proc checks a local db file cache for
passwords before actually connecting to our Postgres95 server. This
is a good idea in any situation when one realizes the enormous number
of hits to such a database can be incurred when authenticating access
to a directory. We have not yet had the need for an TclAuthAccess
proc beyond simply accepting "Require valid-user" directives.
If an error is caught, it is logged and is treated as an authentication
failer.
- UidUserDir id dir
- GidUserDir id dir
Per user and per group UserDir configuration.
Configures a UserDir for a specific id or id range.
If id contains a - it is parsed as an id number range.
Otherwise, it is translated into a numeric id by looking it up in the
appropriate system file (/etc/passwd or /etc/group).
dir is the subdirectory to append to the users home directory
just as in UserDir. If dir is disabled then
~user expansion for the given user or user range is disabled,
and attempts to access return the FORBIDDEN code.
This was primarily implemented to disable access to the system
hierarchy via ~root or ~bin for example.
Example:
UidUserDir 0-199 disabled
- ForbidUserSubdir path
Provides a means for protecting certain user subdirectories from access.
During expansion of ~user, if the subdirectory requested matches
path then it is disallowed. Attempts to access return the DECLINED
code. If you use UserDir public_html in your srm.conf you may
wonder why one needs this. It's useful if you set UserDir to ".",
which is likely if you are running a dedicated web server where home
directories are primarily web sites and nothing else.