 |
Phantasmal MUD Lib for DGD
|
Phantasmal Site > Phantasmal Tutorials > Administration > Access, Resources and Quotas Access, Resources and QuotasAdmin Access and Path PermissionsRemember that incantation you did way back when, the one you used to give you administrator character his power as a Mighty Admin? Now we'll get around to letting you know how that worked and what similar things you can do. Phantasmal has its roots in the Kernel Library, and nowhere is that more obvious than in these commands right here. There's a full permissions system for this stuff that's entirely separate from the way Phantasmal does most of what it does, and people who are seriously privileged under this system have full power to do absolutely anything to the MUD if they're so inclined. That's a generalization, but basically it's very hard to defend your Phantasmal MUD against somebody with these privileges -- it's just not designed for it. Once somebody can run arbitrary code, and once they can compile objects inside the main body of your MUD, a sufficiently clever attacker will be able to do weird and nasty stuff to your MUD in one way or another. So, let's show you how to give people this power, and what you can do to understand it. First, you should learn how to find out who can do what, and who exists in your MUD. The %access command is a fine way to determine what permissions somebody has. Just type "%access AdminName" and it'll tell you what file access you've given them. That file access takes the form of paths and types. For instance, awhile back when you typed "%grant SomeIdiot / full", what you did was to give them full (that's read/write plus admin) access to the root directory -- in other words, full power to do anything to any file. And yes, that would be why it's hard to stop them from hurting your MUD if they so choose. There are also global areas that anybody can read. That's important for things like the ROOM object that other people need to be able to inherit. So if you type "%access global" in Phantasmal, you'll find that the "/usr/common" directory is globally readable. That's where we store stuff like ROOM and OBJECT so it has to be globally readable. The Kernel Library (and thus Phantasmal) stores a list of everybody that has any access that it cares about. Before you can have any specific access, you have to be on The List. The way to put somebody on The List is to type "%grant WhoEverTheyAre access". To take them off the list, just type "%ungrant WhoEverTheyAre access". So %access tells you what they can play with. How do you change it? %grant and %ungrant again, it turns out. The syntax for %grant is "%grant AdminName <path> <access>". Path is just the path, and AdminName is granted the listed access to that path and all subdirectories (with some specific exceptions that the Kernel Library provides). Access is one of: read, write, full. Full means both read and write, but also administrative access to do other things. The %ungrant command has the same syntax, but does the opposite -- it removes access to that path. Quotas and ResourcesThere are certain types of resources that the Kernel MUDLib tracks and limits. You can only use so much of any one of them before it stops giving you any more. The %quota and %rsrc commands let you play with them. The %rsrc command, typed by itself, will show you the total quota and usage of every resource for everybody in the MUD. It may look like this: resources usage max decay period ----------------+-------------+------------+------+--------- callouts 1 -1 create stack 0 5 create ticks 0 10000 editors 0 -1 events 0 -1 filequota 1167 -1 objects 200 -1 stack 0 50 tick usage 3589379 -1 10% per hour ticks 0 250000 The usage column gives the amount currently in use. The max column tells you the total limit, and the decay column lets you know how fast usage of that resource decays. On the left, of course, are the resource names. Let's look at one individually. Go ahead and type "%rsrc tick usage". You'll see something like this:
owner usage max decay period
----------------+-------------+------------+------+---------
Ecru 0 -1 10% per hour
System 308 -1 10% per hour
admin 0 -1 10% per hour
angelbob 101333 -1 10% per hour
common 3436295 -1 10% per hour
thedarque 0 -1 10% per hour
Nifty, no? That breaks the total down into who is using what, and their individual limits. And %rsrc can also be used to set the total limit, by typing "%rsrc <rsrc name> <new limit>". That's pretty cool. Now let's hit our final command and see what %quota can do. While %rsrc showed us a lot about the overall usage of resources for everybody, %quota is more selective. Type it by itself to see your usage of each resource, kinda like "%rsrc YourName" would do. Type it with an admin's name to see that admin's usage of various resources -- "%quota SomeIdiot". To see one specific resource for one specific admin, type "%quota AdminName <resource name>", such as "%quota angelbob tick usage" or "%quota angelbob events". And finally, you can set a new quota for an admin by typing "%quota AdminName <resource name> <new limit>". Note that -1 means "unlimited" for most resources, which can be a useful thing. You got this far and you're still actually reading? Man, you're really delving. We don't have much more we can show you. But go ahead and hit any tutorials you haven't already finished. Below is a listing of various resources and what they mean to the Kernel MUDLib. If you micromanage this stuff, you're ahead of me.
|