pennmush/
pennmush/game/
pennmush/game/data/
minimal.db
pennmush/game/log/
README
pennmush/game/save/
README
pennmush/game/txt/
pennmush/game/txt/evt/
pennmush/game/txt/hlp/
pennmush/game/txt/nws/
pennmush/hdrs/
pennmush/hints/
pennmush/os2/
pennmush/src/
pennmush/utils/
            Everything you ever wanted to know about access.cnf


The file "access.cnf" in the game/ subdirectory controls access to the
MUSH. It's used to restrict which sites can conect to players or guests,
create players, or register players by email. It can also flag a site
as suspect; all players who connect from suspect sites have their
SUSPECT flag set.

This file replaces the older lockout.cnf and sites.cnf file; 
typing 'make access' will create a new access.cnf file from your
lockout.cnf and sites.cnf files.

FILE SYNTAX

The syntax of the file is simple. Each line gives information about
a host or host-pattern:

[user@]host [options] [# comment]

host - the only required file, this is a hostname or a wildcard pattern
       to match. Examples: 
         berkeley.edu	- matches hostname berkeley.edu
	 *.berkeley.edu - matches hostname <anystring>.berkeley.edu
         *berkeley.edu  - matches either of the above
         *              - matches all hosts
user@ - if the host supports ident, and you trust the ident response,
        and you're sure that the link is fast enough that you'll always
        get an ident response in time, you can match for specific
        users. Example: johnq@netcom.com
options - A space-separated list of options which apply to connections
          from the host. Described in detail below.
comment - an optional comment

Everything in the file is separate by a single space - don't use tabs.

The file is read line-by-line, and the first match is used. This
means that the order in which hosts are listed is very important.

There is one special line in the file, which looks like this:

@sitelock

This line indicates where @sitelock'd sites will be inserted in
the file. Hosts listed after this line can have their access
options superseded by using @sitelock on-line. Hosts listed before
this line can not have their access options overriden by @sitelock.
If the line doesn't appear in the file, it will be added to the end
of the file at startup.


READING AND WRITING THE FILE

The access.cnf file is read and cached at startup, and whenever the MUSH 
receives a HUP signal.

The access.cnf file is written back to disk whenever @sitelock is used.


OPTIONS

The following options are available for each host in the file:

create	- People connecting from this host may 'create' players.
!create	- People connecting from this host may NOT 'create' players.
connect - People may connect to their existing non-guest players.
!connect - People may NOT connect to their existing non-guest players.
guest	- People may connect to guest players from this host.
!guest	- People may NOT connect to guest players from this host.
none    - shorthand for: !create !connect !guest
default - shorthand for: create connect guest
register - People may use the 'register' command from this host.
suspect	- All players connected to from this host will be set SUSPECT

If no options are given, the host is treated as if option "none"
were used. If at least one option is listed, it's assumed that
hosts can do anything (create, connect, guest) that they are
not prohibited from.


EXAMPLE SCENARIOS

Here are some typical ways you might want to set up your file:

1. Totally ban specific sites, allow all others

*badsite.com none
*.twink.edu none

This will totally lock out those sites (like lockout.cnf)


2. Allow specific sites and no others

*.berkeley.edu default
* none

People may connect from .berkeley.edu sites only.


3. Allow connection but not creation from some sites

*.twink.edu !create

This is equivalent to the former function of sites.cnf


4. Allow connection but not creation or guest-connection from some sites

*.twink.edu !guest !create


5. Require that a given site use the 'register' command to register
   players by email. 

*.twink.edu !create register

Using !create prevents people from using the usual create command.
Adding register allows them to uset the register command.


6. Disable creation from twink.edu sites, and don't let Wizards 
   override this rule with @sitelock

*.twink.edu !create
@sitelock

Because the rule appears above "@sitelock", and @sitelock rules appear
below "@sitelock", the rule will always be checked before any 
@sitelock rules.


7. Disable creation from twink.edu sites, but allow Wizards to
   later override this rule with @sitelock

@sitelock
*.twink.edu !create

Because the rule appears below "@sitelock", new @sitelock rules
(which will be added immediately following "@sitelock") will precede
it, and will be checked first.


6. A complex example:

  a) Allow anybody from localhost.berkeley.edu complete access
  b) Force people from *.twink.edu to use registration, and set their
     players SUSPECT
  c) Completely ban *badsite.com
  d) Don't allow jerk@netcom.com to connect to Guests
  e) Only allow people from somesite.org to connect to Guests.
  f) Allow @sitelock to override c-e above

localhost.berkeley.edu default
*.twink.edu !create register suspect
@sitelock
*badsite.com none
jerk@netcom.com !guest
somesite.org !connect !create guest