File: //usr/share/webmin/dhcpd/help/acl.html
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="GENERATOR" content="Mozilla/4.72 [en] (X11; U; Linux 2.2.14-6.1.1 i686) [Netscape]">
</head>
<body>
<center>
<h1>
DHCPD ACL subsystem</h1></center>
<h3>
TARGETS:</h3>
The main goal of the ACL subsystem is to provide a powerful,
flexible and extendable mechanism for access control over the different objects
in the dhcpd configuration. These objects are shared networks, subnets, groups
of hosts and hosts.
<br> The ACL subsystem also lets you control some other
features, such as unique object names, applying a changed configuration,
and viewing and deleting DHCP leases.
<h3>
CONCEPTS:</h3>
The dhcpd configuration file can be viewed as a tree structure.
Each node of this tree represents the configuration of a different DHCP object
(fig. 0).
<p> The ACL subsystem has 2 levels of permissions:
<ul>
<li>
global: read, write, create;</li>
<li>
per-object: read, write.</li>
</ul>
Global permissions exist for every type of object
(hosts, groups, subnets, shared networks) and control operations on
the whole set of objects of the given type.
<br>Global create
<br>Global read
<br>Global write
<br> Per-object permissions give you a more flexible
way of access control. A per-object ACL exists for every
individual object. Currently only per-object ACLs for hosts and subnets are implemented.
<br>Per-object read
<br>Per-object write
<br> The ACL subsystem can operate in 4 different security
levels (or modes).
<br><img SRC="ctree0.gif" ALT="dhcpd configuration tree, security level 0, check subnetX permissions" height=229 width=314>
<br>
<p><img SRC="ctree1.gif" ALT="dhcpd configuration tree, security level 1, check subnetX permissions" height=229 width=314>
<p><img SRC="ctree2.gif" ALT="dhcpd configuration tree, security level 2, check subnetX permissions" height=229 width=314>
<p><img SRC="ctree3.gif" ALT="dhcpd configuration tree, security level 3, check subnetX permissions" height=229 width=314>
<h3>
USER NOTES:</h3>
<h3>
DEVELOPER NOTES:</h3>
</body>
</html>