GTPASSWD.HLP | Text File | 1990-08-11 | 11KB | 266 lines

╔═════════╦══════════════════════════════════════════════════════════════
║ GT-HELP ║ GTPASSWD.BBS - System Security, Permissions, Time Allocation
╚═════════╩══════════════════════════════════════════════════════════════

The GTPASSWD.BBS controls access to the system - take care when
creating or editing it, since mistakes can affect the security of your
system.

It is not a file which callers should ever see, so there is no CBS
version. Nor should it have page breaks etc.

In GT1550 onwards it can have comment lines beginning with a semicolon,
but the 'business' lines should be exactly right - no ANSI, no
preceding spaces, no trailing comments, no guessing or improvisation.

There are THREE types of entry that can be contained in this file :

    LOGON definitions      usually essential - for first time users
    CLASS definitions      always essential  - for repeat users
    CALLBACK definitions   optional          - usually for remote sysops

If you frequently raise callers' access levels while on line (using
the CTRL-N command) you will find it convenient to place the CLASS
entries corresponding to the most frequent 'raise destinations' near
the top of the list, and to avoid comments near the top. Otherwise
the order of entries seems not to be important.

┌───────────────────┐
│ LOGON Definitions │
└───────────────────┘

    ┌──────────────────────────────────────────── Access Level
    │┌─────────────────────────────────────────── Custom Bulletin (optional)
    ││        ┌────────────────────────────────── Time allotted for first call
    ││        │          ┌─────────────────────── First Time Password
    ││        │          │           ┌─────────── Permissions for first call
    ││ ┌──────┴─────┐ ┌──┴─┐ ┌───────┴───────┐
    ││ │            │ │    │ │               │
    E1 [1:00,10,2:00] D39B8Y DR,DN,UP,PR,MS,NL
    X9 [0:30,5,1:00] PUBLIC DR,DN,UP,PR,MS,NL

The two lines in the example indicate that callers who use the password
PUBLIC on their first call will be assigned access level X, and that
users logging on with the secret password D39B8Y will be immediately
assigned to access level E.

Most boards would have at least one logon definition. Boards which
belong to the GT net often set up a logon definition which gives higher
level access to visiting sysops.

Hint: Usually the NEWUSER.BBS file tells people the password for the
      lowest level of access (eg PUBLIC in this case). New users,
      nevertheless, still manage to miss it.

      There is a line in the SYSOP.BBS, presently :

          "$Wrong[."

      which can conveniently be changed to

          "Unrecognised password -- if you are new, try $PUBLIC[."

      to encourage them to get it right 2nd time round.

┌───────────────────┐
│ CLASS Definitions │
└───────────────────┘

For EVERY access level that the system supports, there should be a
CLASS line :

    ┌───────────────────────────────────────────── Access Level
    │┌──────────────────────────────────────────── Custom Bulletin (optional)
    ││       ┌──────────────────────────────────── Time Allotted
    ││       │         ┌────────────────────────── Must be UPPER CASE
    ││       │         │           ┌────────────── Permissions for this level
    ││ ┌─────┴─────┐ ┌─┴─┐ ┌───────┴───────┐
    ││ │           │ │   │ │               │
    D1 [2:00,5,3:00] CLASS DR,DN,UP,PR,MS,NL
    F1 [1:00,5,2:00] CLASS DR,DN,UP,PR,MS,NL
    X8 [1:30,10,2:00] CLASS DR,DN,UP,PR,MS,NL
    Z9 [0:30,5,1:00] CLASS DR,DN,UP,PR,MS,NL

There should be at the least a CLASS definition for every logon
definition. Often there will be *more* classes defined, making
additional access levels which can be assigned to individual callers
using the Sysop Tools program.

┌──────────────────────┐
│ CALLBACK Definitions │
└──────────────────────┘

Try not to confuse Callback and Ringback :

    CALLBACK  allows a user to ring in and log on using a special
              password, then the board offers to call the caller
              back on a prearranged number.

    RINGBACK  is where the caller must ring briefly, ring off and
              ring back immediately in order to signal that GT,
              not a person, should answer. That is set up in the
              HOST.BAT file - see another GT-Help menu entry.

Most boards do NOT need callback definitions. If callback is used,
most of the cost is at the board's expense -- usually this is only
appropriate for the sysop to ring in remotely, or maybe as a
goodwill gesture to key customers in a company-run board.

The specified caller is not 'forced' to accept the callback, so the
feature can *not* be used as an additional security validation.

Every person using callback requires an individual callback definition:

     ┌──────────────────────────────────────────────── Access and Custom Bltn
     │    ┌─────────────────────────────────────────── Time Allotted
     │    │     ┌───────────────────────────────────── Password for Callback
     │    │     │   ┌───────────────────────────────── The caller's permissions
     │    │     │   │      ┌────────────────────────── The privileged name
     │    │     │   │      │           ┌────────────── The number to call back
    ┌┤ ┌──┴─┐ ┌─┴┐ ┌┤ ┌────┴────┐ ┌────┴───┐
    ││ │    │ │  │ ││ │         │ │        │
    01 [3:00] zb23 SY harry green 0814434601

If the same caller is likely to use callback from more than one phone
number, separate callback definitions (and unique passwords) will be
required for each.

┌───────────────┐
│ Access Levels │
└───────────────┘

Valid access levels are :

    0          (highest)    Usually the sysop only
    1-9        (very high)  Typically co-sysops, if any
    A-Z, a-z                Normal User levels (A highest, z lowest)

Mostly only a few normal access levels are chosen. Typically :

    E   for highly privileged users
    S   for visiting sysops
    X   for first time callers
    Z   for known nuisance callers

In general, callers at any level also have access to lower levels -
though it is possible to set up a message area or a file area
exclusively for the use of members on the exact access level.

┌──────────────────┐
│ Custom Bulletins │
└──────────────────┘

Custom bulletins are optional and are typically used for 'closed user'
groups. If configured, the specified bulletin is displayed after the
standard logon bulletin.

Example:

    E4 [1:30,15,2:00] CLASS DR,DN,UP,PR,MS,NL

        indicates a user at access level E who is to be shown
        BULLET4.BBS (or BULLET4.CBS) in addition to the standard
        GTBULLET.BBS (or GTBULLET.CBS) bulletin.

    X [1:00,8,1:30] CLASS DR,DN,UP,PR,MS,NL

        indicates a user at access level X who is to be shown only the
        standard GTBULLET.BBS (or GTBULLET.CBS) bulletin.

┌───────────────┐
│ Time Allotted │
└───────────────┘

This field consists of several parts :

       ┌─────────────────────────────── Maximum length of individual calls
       │  ┌──────────────────────────── Maximum number of calls per day
       │  │   ┌──────────────────────── Total daily call allocation
     ┌─┴┐ │ ┌─┴┐
     │  │ │ │  │
    [1:00,8,3:00]

Times are in hours.

In general it is best to control access primarily by the daily
allocation. Don't set the calls per day below about 8 - this will
penalise users who get bad connections and maybe lose carriers
during the session.

Note: Not much to do with time allotment, but it's configured here ...

      It is also possible to put a directory name immediately before
      the closing bracket. This directs uploads into the specified
      directory. Mostly it is sufficient to omit this and allow
      uploads to default as configured in GT.CNF.

┌─────────────┐
│ Permissions │
└─────────────┘

Permissions you would most commonly *consider* (the choice is yours)
are :

a) for normal users:

    UP   Upload authorised
    DN   Download authorised
    PR   Private mail authorised
    DR   Doors authorised
    MS   Message base access (usually reading *and* writing)
         authorised
    NL   May NOT use the List Directory command
    CB   May use the inter-node chat (if you are running
         more than one node).
    CH   Not appropriate unless you don't have a GTDIR.BBS

b) for buffoons

    NE   May NOT enter messages (except to sysop via the M
         command). Can be used together with MS for
         read-only message access.
    NP   May NOT page the Sysop.

c) for close colleagues:

    SH   May access shell to DOS. Usually only for sysop
         and co-sysops.
    FR   May enter messages containing file requests
    FA   May enter messages containing file attaches

         Note: Ordinary callers should not be given the FA
               permission, since that would permit them to
               attach files such as GTPASSWD.BBS or indeed
               any file that they could guess might exist
               in a particular place on your board.

    KL   Allow the killing of messages, even if not
         addressed to or from the caller.

d) for yourself only:

    SY   All permissions granted. Usually assigned only to
         numeric access levels. No need to list other
         permissions individually.
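
Added example (not part of the original help file or of GT Power): a small linter that applies the rules stated above to the contents of a GTPASSWD.BBS file, covering line hygiene, upper-case CLASS, a CLASS line for every LOGON level, the calls-per-day advice, and FA/SH/SY on non-numeric levels. The regular expression, the rule that fields after the permissions mark a CALLBACK entry, and the SAMPLE text are assumptions built from the layouts shown on this page.

```python
import re

# Layout from the help text; regex and CALLBACK detection are assumptions.
ENTRY = re.compile(
    r"^(\S)(\d?) +\[(\d+:\d\d)(?:,(\d+),(\d+:\d\d))?([^\]]*)\]"  # level, bulletin, time
    r" +(\S+) +(\S+)(?: +(.+))?$")                               # password, perms, rest
SYSOP_ONLY = {"FA", "SH", "SY"}  # permissions the page reserves for trusted levels

def audit(text):
    """Lint GTPASSWD.BBS contents; return (entries, findings)."""
    entries, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith(";"):
            continue                          # blank line or whole-line comment
        if raw[0].isspace() or ";" in raw or "\x1b" in raw:
            findings.append((n, "leading space, trailing comment or ANSI code"))
            continue
        m = ENTRY.match(raw)
        if not m:
            findings.append((n, "unparseable entry"))
            continue
        level, _bltn, _call, per_day, _daily, _updir, pw, perms, rest = m.groups()
        if pw != "CLASS" and pw.upper() == "CLASS":
            findings.append((n, "CLASS keyword must be upper case"))
            continue
        kind = "CALLBACK" if rest else "CLASS" if pw == "CLASS" else "LOGON"
        if per_day and int(per_day) < 8:
            findings.append((n, f"only {per_day} calls per day"))
        risky = SYSOP_ONLY & set(perms.split(","))
        if risky and not level.isdigit():
            findings.append((n, f"level {level} holds {','.join(sorted(risky))}"))
        entries.append((n, kind, level))
    classes = {lvl for _, kind, lvl in entries if kind == "CLASS"}
    for n, kind, lvl in entries:
        if kind == "LOGON" and lvl not in classes:
            findings.append((n, f"LOGON level {lvl} has no CLASS line"))
    return entries, findings

# Constructed sample modelled on the page's example lines, with faults added.
SAMPLE = """; constructed sample
X9 [0:30,8,1:00] PUBLIC DR,DN,UP,PR,MS,NL
E1 [1:00,10,2:00] D39B8Y DR,DN,UP,PR,MS,NL,FA
X8 [1:30,5,2:00] CLASS DR,DN,UP,PR,MS,NL
Z9 [0:30,8,1:00] class DR,DN,UP,PR,MS,NL
 F1 [1:00,8,2:00] CLASS DR,DN
01 [3:00] zb23 SY harry green 0814434601
"""

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```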