====== Access Control ====== Synchronet Access Control ===== Introduction ===== This topic covers a wide range of methods and instructions on how a Synchronet sysop can enable or restrict access to their BBS. ===== Host Filtering ===== Specific TCP/IP hosts (computers) or ranges of hosts can be restricted from accessing your Synchronet servers through the use of various [[config:filter files]]. Filter files may also be used to restrict specific words from being used in user-generated content (message subjects, user names, aliases, etc.). ===== Restricting New User Creation ===== The sysop can disallow remote users from creating new user accounts by setting [[util:SCFG]]->System->Toggle Options->Closed To New Users to "Yes". The sysop can restrict users from creating new user accounts to only those that know a semi-secret New User Password (NUP), by setting [[util:SCFG]]->System->New User Password. ===== Access Controls ===== Synchronet user accounts each have the following security/access control settings which the sysop may use to enable or restrict the user's access to specific features of functions of the BBS: * [[Level]]: a value (a.k.a. security level) between 0 and 99, with level 90-99 being reserved for operators of the system (sysops/co-sysops) * [[Flags]]: 4 sets of 26 sysop-defineable toggle flags (A-Z) which allow for customized access control * [[Exemptions]]: 26 flags (A-Z) which have pre-defined functions to exempt the user from specific limitations * [[Restrictions]]: 26 flags (A-Z) which have pre-defined functions to restrict the user from using specific features/functions * [[Expiration]]: a date a which time the user account will be automatically deleted (regardless of inactivity) * [[Credits]]: a balance of credit which the user can deposit into (e.g. by uploading files) or withdraw from (e.g. by downloading files) * [[Minutes]]: a balance of time which the user can use to go beyond their normally limited time per/call or per/day (a.k.a. time bank) ===== New User Values ===== The sysop determines which access control values will be assigned to newly created user accounts in [[util:SCFG]]->System->New User Values: ╔══════════════════════════════════════════════════════════╗ ║ New User Values ║ ╠══════════════════════════════════════════════════════════╣ ║ │Level 50 ║ ║ │Flag Set #1 ║ ║ │Flag Set #2 ║ ║ │Flag Set #3 ║ ║ │Flag Set #4 ║ ║ │Exemptions ║ ║ │Restrictions ║ ║ │Expiration Days 0 ║ ║ │Credits 10,485,760 ║ ║ │Minutes 0 ║ ║ │Editor FSEDITOR ║ ║ │Command Shell DEFAULT ║ ║ │Download Protocol None ║ ║ │Default Toggles... ║ ║ │Question Toggles... ║ ╚══════════════════════════════════════════════════════════╝ In the above example, newly created user accounts will have: * [[Level]] 50 (never set above 89) * No [[flags]] set in any of the sysop-defined flag sets (1-4) * No [[exemptions]] * No [[restrictions]] * Will not [[expiration|expire]] * Will have a [[credits]] balance of 10MB * Will have 0 [[minutes]] in their time bank ===== Access Requirements ===== The sysop can specify combinations of access controls (e.g. security level, flags) and user values (e.g. gender, age, etc.) in [[util:SCFG]] (mostly under the options named "Access Requirements") to control access to specific areas or functions of the BBS and restrict to specific groups of users. See [[requirements|Access Requirements]] for more details. ===== Creating and Editing User Accounts ===== There are multiple methods available for creating and editing user accounts: * By calling or connecting to the BBS and selecting "New" at the Login prompt * [[module:makeuser]] module (user creation only) * [[module:makeguest]] module (Guest account creation only) * [[util:uedit]] TUI user editor * [[util:useredit]] GUI user editor * User->Editor menu option from the [[monitor:sbbsctrl|Synchronet Control panel for Windows]] * [[util:gtkuseredit]] GUI user editor (*nix) * "UEDIT" sysop command, available while logged-in to the [[server:Terminal]] server as an operator of the system (sysop) * e.g. '';uedit'' command from the main menu of the default command shell ==== Sysop ==== The first user account created when connected to the [[server:Terminal]] server will automatically be given Sysop-level access (i.e., Security level 90, all flags and all exemptions). For this reason, the System Password is prompted for (with the SY: prompt) during the first new user creation process. The sysop account is traditionally the first user record in the database (i.e., user #1). This user account should not have the alias of "Sysop" - use your real name or a handle instead. Synchronet automatically treats the alias of Sysop specially and forwards any mail received for "Sysop" to user #1. ==== Guest ==== Some sysops will want to have a ''Guest'' user account on their BBS. Guest accounts can be used to allow: * Inspection of basic BBS content without creating a user account * Anonymous FTP access === Guest Account Creation === When a sysop with [[access:level|Security Level]] 99 logs into the [[server:Terminal]] server, they will be asked to create a Guest account if the following conditions are met: * Sysop's [[access:level|Security Level]] is 99 * ''Guest'' user does not already exist * Sysop has not already been asked and said ''No'' and to not be asked again If the sysop answers ''Yes'', the [[:module:makeguest]] [[:custom:JavaScript]] module will be executed to create the ''Guest'' account with the recommended access controls: * [[Restrictions]]: ''G, K, P, M, W, R, C'' * [[Exemptions]]: ''G, L, P, T'' If you answered ''No'' to both the "create Guest?" and "Ask again later?" prompts, you will need to run the makeguest.js module manually if you wish to create a ''Guest'' account. ===== See Also ===== * [[:access:requirements|Access Requirements (ARS)]] * [[:config:|Configuration]] * [[:howto:Block-Hackers|How To: Block Hackers]] {{tag>access guest}}