Writing Customized Expressions; Turning Off Access Control - Netscape ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR Administrator's Manual

Selecting Access Control Options

Writing Customized Expressions

You can enter custom expressions for an ACL. Only select this option if you are
familiar with the syntax and structure of ACL files. There are a few features
available only by editing the ACL file or creating custom expressions. For example,
you can restrict access to your server depending on the time of day, day of the
week, or both.
The following customized expression shows how you could restrict access by time
of day and day of the week. This example assumes you have two groups in your
LDAP directory: the "regular" group gets access Monday through Friday, 8:00am
to 5:00pm. The "critical" group gets access all the time.
allow (read)
{
(group=regular and dayofweek="mon,tue,wed,thu,fri");
(group=regular and (timeofday>=0800 and timeofday<=1700));
(group=critical)
}
For more information on valid syntax and ACL files, see Appendix C, "ACL File
Syntax" and "Referencing ACLs in obj.conf," on page 357.

Turning Off Access Control

When you uncheck the option labeled "Access control is on," you'll get a prompt
asking if you want to erase records in the ACL. When you click OK, the server
deletes the ACL entry for that resource from the ACL file.
If you want to deactivate an ACL, you can comment out the ACL lines in the file
generated-https-server-id.acl
188 Netscape Enterprise Server Administrator's Guide • April 2002 (Draft)
Execute allows users to execute server-side applications, such as CGI
programs, and Java applets
Delete allows users who also have write privileges to delete files or
directories.
List allows users to access lists of the files in directories that don't contain
an file.
index.html
Info allows users to receive information about the URI.
by putting # signs at the beginning of each line.