This is an old revision of the document!
Table of Contents
Access Control
Synchronet Access Control
Introduction
This topic covers a wide range of methods and instructions on how a Synchronet sysop can enable or restrict access to their BBS.
Host Filtering
Specific TCP/IP hosts (computers) or ranges of hosts can be restricted from accessing your Synchronet servers through the use of various filter files. Filter files may also be used to restrict specific words from being used in user-generated content (message subjects, user names, aliases, etc.).
Restricting New User Creation
The sysop can disallow remote users from creating new user accounts by setting SCFG->System->Toggle Options->Closed To New Users to “Yes”.
The sysop can restrict users from creating new user accounts to only those that know a semi-secret New User Password (NUP), by setting SCFG->System->New User Password.
Access Controls
Synchronet user accounts each have the following security/access control settings which the sysop may use to enable or restrict the user's access to specific features of functions of the BBS:
- Level: a value (a.k.a. security level) between 0 and 99, with level 90-99 being reserved for operators of the system (sysops/co-sysops)
- Flags: 4 sets of 26 sysop-defineable toggle flags (A-Z) which allow for customized access control
- Exemptions: 26 flags (A-Z) which have pre-defined functions to exempt the user from specific limitations
- Restrictions: 26 flags (A-Z) which have pre-defined functions to restrict the user from using specific features/functions
- Expiration: a date a which time the user account will be automatically deleted (regardless of inactivity)
- Credits: a balance of credit which the user can deposit into (e.g. by uploading files) or withdraw from (e.g. by downloading files)
- Minutes: a balance of time which the user can use to go beyond their normally limited time per/call or per/day (a.k.a. time bank)
New User Values
The sysop determines which access control values will be assigned to newly created user accounts in SCFG->System->New User Values:
╔══════════════════════════════════════════════════════════╗ ║ New User Values ║ ╠══════════════════════════════════════════════════════════╣ ║ │Level 50 ║ ║ │Flag Set #1 ║ ║ │Flag Set #2 ║ ║ │Flag Set #3 ║ ║ │Flag Set #4 ║ ║ │Exemptions ║ ║ │Restrictions ║ ║ │Expiration Days 0 ║ ║ │Credits 10,485,760 ║ ║ │Minutes 0 ║ ║ │Editor FSEDITOR ║ ║ │Command Shell DEFAULT ║ ║ │Download Protocol None ║ ║ │Default Toggles... ║ ║ │Question Toggles... ║ ╚══════════════════════════════════════════════════════════╝
In the above example, newly created user accounts will have:
- Level 50 (never set above 89)
- No flags set in any of the sysop-defined flag sets (1-4)
- No exemptions
- No restrictions
- Will not expire
- Will have a credits balance of 10MB
- Will have 0 minutes in their time bank
Access Requirements
The sysop can specify combinations of access controls (e.g. security level, flags) and user values (e.g. gender, age, etc.) in SCFG (mostly under the options named “Access Requirements”) to control access to specific areas or functions of the BBS and restrict to specific groups of users.
See Access Requirements for more details.
Guest
Some sysops will want to have a Guest
user account on their BBS. Guest accounts can be used to allow:
- Inspection of basic BBS content without creating a user account
- Anonymous FTP access
Guest Account Creation
By default, if no Guest
account exists, the sysop (user with level 99) will be asked during logon to the Terminal server whether they wish to create the Guest
account at that time. If the sysop answers Yes
, the makeguest JavaScript module will be executed to create the Guest
account with the recommended access controls:
- Restrictions:
G, K, P, M, W, R, C
- Exemptions:
G, L, P, T