bc-clihost acl set

Set/update a host ACL.

Usage

host acl set (user|role) [(userPattern|user.name)@]hostPattern

where
user|role BeyondCron user or role to which the ACL applies.
userPattern defining user names that apply to the host ACL. If not specified, then host ACL will match any user name.
user.name matches user and/or users belonging to role.
hostPattern defining host names that apply to the host ACL. If no pattern type—e.g. glob or regex—is specified, then the userPatten type will be used.

admin on /_beyondcron/acl/hosts

Pattern

Both userPattern and hostPattern are defined as

[type:]pattern

where
type of pattern, where type is one of the following:
glob pattern is a glob.
regex pattern is a regular expression.
In not specified, the default is glob.
pattern to match user/host names against.
Metacharacters
Symbol Action
* Match zero or more characters.
e.g. Law* matches Law, Laws, Lawyer, etc…
? Match one character.
e.g. ?at matches Cat, cat, Bat, etc…
[…] Match one character from a set.
e.g. [CB]at matches Cat and Bat, but not cat or bat.
A hyphen can be used to specify a range.
e.g. server[0-9] matches server0, up to server9, but not server10 or servers.
[!…] Match one character not within the set or range.
e.g. [!C]at matches Bat and cat, but not Cat.
A hyphen can be used specify an inverse range
e.g. server[!6-9] matches servers and server1, but not server9.
{…} Group match. Matches if any subpattern within the group matches.
e.g. {root,js*[0-9]} matches root, jsmith0, jsmyth9, etc…
see glob reference for full details.
Symbol Action
. Match one character.
e.g. .at matches Cat, cat, Bat, etc…
? Match zero or one characters.
e.g. Cat? matches Cat or Cats.
* Match zero or more characters.
e.g. Law* matches Law, Laws, Lawyer, etc…
+ Match one or more characters.
e.g. Law+ matches Laws, Lawyer, etc…, but not Law
\d Match a number.
e.g. Letter\d matches Letter0, up to Letter9, but not Letter10 or Letters.
[…] Match one character from a set.
e.g. [CB]at matches Cat and Bat, but not cat or bat.
A hyphen can be used to specify a range.
e.g. Letter[0-9] matches Letter0, up to Letter9, but not Letter10 or Letters.
[^…] Match one character not within the set.
e.g. [^C]at matches Bat and cat, but not Cat.
A hyphen can be used specify an inverse range
e.g. server[^6-9] matches servers and server1, but not server9.
(…) Group match. Matches if any subpattern within the group matches.
e.g. (root|js*[0-9]) matches root, jsmith0, jsmyth9, etc…
{n} Match the preceding item exactly n times.
e.g. server[0-9]{2} matches server01, but not server1.
{min,} Match the preceeding item min or more times.
e.g. server[0-9]{2,} matches server01, and server012, but not server1.
{min,max} Match the preceeding item at least min times, but not more than max times.
e.g. server[0-9]{2,3} matches server01, and server012, but not server1 or server01234.
see regex reference for full details.

Examples

Define a glob host acl

Allow admin role to define root jobs

BeyondCron % host acl set admin root@*
BeyondCron % host acl list admin

User/Role Pattern --------- ------- admin root@*

Define an additional host acl

Allow admin role to define root jobs on localhost. Because localhost is a protected host it must be defined explicitly.

BeyondCron % host acl set admin root@localhost
BeyondCron % host acl list admin

User/Role Pattern --------- -------------- admin root@* admin root@localhost

Define a regex host acl

Allow developer role to define www jobs one a restricted range of hosts.

BeyondCron % host acl set developer regex:www@devsvr\d{1,2}
BeyondCron % host acl list developer

User/Role Pattern --------- ----------------------- developer regex:www@devsvr\d{1,2}

Define a user.name host acl

Allow developer role users to define jobs running under their own name.

BeyondCron % host acl set developer user.name@*
BeyondCron % host acl list developer

User/Role Pattern --------- ----------------------- developer user.name@* developer regex:www@devsvr\d{1,2}

See also

Reference