File manager: security
The file-manager allows you to manage the files associated with a collection. Which files, and which actions may be performed, are defined by:
- File rules: a list of file-patterns and actions; and
- Folders: a file system path.
More details on how to create these via the administration interface are available in the file rules page.
The file rules are comprised of three elements:
- A file pattern, for example
- A list of collections; and
- A list of actions.
For example, the file-rule:
*.ftl : * : edit,delete,upload,download
allows the user to edit, delete, upload and download all FTL files in all collections (the * means all collections; otherwise you can use a comma-separated list of collection names).
The following actions are available:
- The file can be deleted
- The file can be downloaded from the Funnelback server
- The file can be edited
- Display the first N lines of a file (gzipped files are expanded)
- A backup file can be renamed to replace the original file
- Display the file (gzipped files are expanded)
- Display the last N lines of a file (gzipped files are expanded)
- The file can be uploaded to the Funnelback server
- Turns on all actions (use with caution)
The rules and folder definitions are derived by merging the system default rules and any rules for the current user:
- Rules from the user's configuration file, $SEARCH_HOME/admin/users/user.ini, are checked first, before the rules from the system defaults,
- The rules are applied in the order they appear in both files.
For example, given the two files:
[file-manager::example-rules]
r1
r2
r3

[file-manager::example-rules]
F1
F2
The rules are checked in the following order:
[file-manager-rules::example-rules]
collection.cfg : * : download,edit
simple.ftl : * : upload,download,copy,edit
*.ftl : * : upload,download,copy,edit,delete

The rules are tried in the order they are placed in the configuration files, so you have to be careful about where each rule is placed.
The following example is wrong: if you were trying to protect the simple.ftl file, the order of the rules means that the first rule matches and the second one is ignored:
*.ftl :*:upload,download,copy,delete,edit
simple.ftl:*:upload,download,copy,edit
The correct order is:
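As an added illustration of this first-match behaviour (example code written for this page, not Funnelback's implementation), the Python sketch below evaluates the two rule orders and flags literal-filename rules hidden by an earlier, broader rule. It assumes glob-style matching via fnmatch and that a file matching no rule gets no actions; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

WILDCARDS = set("*?[")

# Constructed inputs: the two rules from the text, in both orders.
WRONG_ORDER = """*.ftl :*:upload,download,copy,delete,edit
simple.ftl:*:upload,download,copy,edit"""
CORRECT_ORDER = """simple.ftl:*:upload,download,copy,edit
*.ftl :*:upload,download,copy,delete,edit"""

def parse_rules(text):
    """Parse 'pattern : collections : actions' lines, preserving file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("["):  # skip blanks and section headers
            continue
        pattern, collections, actions = (p.strip() for p in line.split(":", 2))
        rules.append((pattern,
                      {c.strip() for c in collections.split(",")},
                      {a.strip() for a in actions.split(",")}))
    return rules

def covers(earlier, later):
    """True if the 'earlier' collection set applies to everything in 'later'."""
    return "*" in earlier or ("*" not in later and later <= earlier)

def allowed_actions(rules, filename, collection):
    """Return the actions of the first rule matching the file and collection."""
    for pattern, collections, actions in rules:
        if fnmatchcase(filename, pattern) and covers(collections, {collection}):
            return actions
    return set()  # assumption: no matching rule means no access

def shadowed_rules(rules):
    """List literal-filename rules that an earlier rule always pre-empts."""
    hidden = []
    for i, (pattern, collections, _) in enumerate(rules):
        if WILDCARDS & set(pattern):
            continue  # only literal names can be checked exactly this way
        for earlier_pattern, earlier_cols, _ in rules[:i]:
            if fnmatchcase(pattern, earlier_pattern) and covers(earlier_cols, collections):
                hidden.append(pattern)
                break
    return hidden

if __name__ == "__main__":
    for label, text in (("wrong", WRONG_ORDER), ("correct", CORRECT_ORDER)):
        rules = parse_rules(text)
        print(label, sorted(allowed_actions(rules, "simple.ftl", "example")),
              "shadowed:", shadowed_rules(rules))
```

Running the shadow check over the merged rule list (user rules followed by system defaults) shows whether a protective rule in the defaults is pre-empted by a broader user rule.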
Folders are used to navigate to directories (or folders) on the file system. Normally this would be the collection's configuration directory, or one of its log directories, for example:
A folder definition is comprised of four elements:
- A title to be displayed in the web pages.
- A file system path, possibly using macros (see below).
- The name of a file rule that applies to this folder.
- The name of the folder set that this folder belongs to (usually logs for folders under browse log files and "" (blank) for folders under edit configuration files).

[file-manager::live-logs]
name = Live log files
path = $collection_root/live/log
rules = log-rules

[file-manager::log-rules]
*.log : * : show,head,tail,download
*.gz : * : download

Because folders can be associated with any number of collections, you cannot use a hard-coded path. A number of macros are available to use in the path: these macros expand to the appropriate file system path, relative to the collection you are working on. These macros are:
The collection's configuration directory:
The collection's data directory: Usually
$SEARCH_HOME/data/<collection>/, but can be an external one like
collection_root has been reconfigured.
The Funnelback home directory