| 
    Permit users to access certain rush functions.
     
    The syntax of the 'permit' command is as follows:
     
    permit
    {
	functionlist:
	{
	    userlist
	}
	functionlist:
	{
	    userlist
	}
    }Comments can be interspersed within the 'permit' command, and
    must be delimited with '#'.
    To permit users to only online/offline/getoff their own machines,
    or a specific list of machines, see below 
    for examples of how to do this.
     
    'userlist' is a list of users who will be granted access to the
    functions in the preceding 'functionlist' described below. 
    User names can be separated by commas (,) spaces ( ) or can 
    appear on separate lines, or any combination of commas, spaces
    and lines. '*' is special in that it matches 'all users'. 
    No verification is done to check if user names are actually valid,
    so it's not an error to specify non-existant users. The rush debugging
    flag 'F' can be used to debug 'permit' settings, e.g. 'rush -d F -ping |& grep permit:'.
     
    'functionlist' is a comma or space separated list of function names
    from the table below, which specifies the functions that will be 
    granted to the users in 'userlist'. 'functionlist' can contain any of:
     
     
 
    | Permit Functions |  
        | almighty | Lets users use the 'a' almighty priority (eg. +any=100a) (This setting can be overridden by 'disablepflags a')
 |  
        | everything | /All/ operations in this table, including administrative commands, eg: 
	    rush -push, 
	    rush -dexit, 
	    rush -rotate..
 |  
        | getoff | Lets users use 'rush -getoff' command,
	    or the same function in onrush(1) |  
        | kill | Lets users use the 'k' kill priority (eg. +any=100k) (This setting can be overridden by 'disablepflags k')
 |  
        | online | Lets users use 'rush -online' command.
	    or the same function in onrush(1) |  
        | offline | Lets users use 'rush -offline' command,
	    or the same function in onrush(1) |  
        | usercmd | Lets users use 'usercmd' submit command
	    to redefine the job's owner. |  
        | fifo-order | (new in 103.06)
	    Lets users use
	    'rush -fifo-order' command
	    to re-order jobs when FIFO scheduling is enabled.
 |  
     
     
 Permit Examples
 
     
 
    | Default Permissions The default rush permissions.
 |  
        | 
# Example. The default permit behavior:
#    1. 'root' and 'administrator' can do /everything/
#    2. everyone else can do only normal user stuff (not admin commands)
#
    
permit
{
    everything:
    {
        root                        # unix 'root' user
        administrator               # windows 'administrator' user
    }
    online,offline,getoff,kill,almighty,fifo-order:
    {
        *                           # allow everyone to do these functions      
    }
} |  
     
     
 
    | Wide Open Permissions Let everyone do everything.
 |  
        | 
    permit
    {
        everything:
        {
            *             # everyone can do admin functions (everything)  
        }
    } |  
     
     
 
    | Specific User Permissions Allow certain users to have specific permissions
 |  
        | 
# Example. Configure specific user permissions:
#     1) 'root' and 'administrator' can do /everything/
#     2) 'fred' and 'fez' can online/offline
#     3) 'jack' 'jane' and 'fred' can use kill/almighty priorities
#     4) 'bill' and 'ted' to use online/offline/getoff/kill
#     5) 'fred' and 'wrangler' can use 'rush -fifo-order'
#
permit
{
    everything:
    {
	root,administrator	# root,administrator can do everything
    }
    online,offline
    {
	fred,fez		# fred,fez can online and offline machines     
    }
    kill,almighty:
    {
	jack,jane,fred		# jack,jane and fred can use k/a priority
    }
    online,offline,getoff,kill:
    {
	bill,ted		# bill and ted can online/offline/getoff
	                        # and use 'k' priority
    }
    fifo-order:
    {
        fred,wrangler           # "fred" and "wrangler" can use fifo-reordering
    }
} |  
     
     
 
    | Real World Example |  
        | 
permit
{
     everything:
     {
	root,administrator
     }
     online,offline:
     {
	*
     }
     getoff:
     {
        # Only production TDs can getoff. *ahem*
	# "FIFTH"
	fifth,jendy,rinbow,mia,kang,ty,karl,markip,ochere,bchavez,jge
	klovance,amby,kweith,ezimmerman,jhl,jinx,benbower,kholzman,
	pshino,klm,ronan,bmittle,kenbergman,jw
	# "HONDA"
        honda,zaustin,justinp,avio,mia,bks,mdavis,adamk,gutzin,rga
	jmilburn,jenn,aglass,orink,kcb,ronan,kglass,andrew
	# PRODUCERS
	lisa,bonk,wandas,dan
	# RENDER WATCHERS
	dannyb,nick,hellerman,donovan
     }
     kill,almighty:
     {
	# PRODUCERS
	lisa,bonk,wandas,dan
	# DATA I/O
	catlin,dman
     }
     # USERS WHO CAN USE ONLINE/OFFLINE/GETOFF ON THEIR OWN MACHINES ONLY
     #   Note use of new 'host=<hostname>' to limit commands to run
     #   only on the machines specified.
     #
     online,offline,getoff:
     {
host=hollywood  fred                            # fred can control host hollywood
host=fenway     jenna                           # jenna can control host fenway
host=oaklawn    bks,fred                        # bks and fred can control host oaklawn
host=+farm      dannyb,nick,hellerman,donovan   # render watchers can control farm hosts
     }
} |  
     
    
     Permitting Users To Only Control Their Own Hosts
    The 'host=' and 'os=' prefixes (described in the rush.conf file format description)
    can be used to cause lines to be executed only on specific hosts. 
     
    Example. This shows how to configure 'permit' to allow users 
    to online/offline/getoff certain machines:
     
     
 
    | Permit Workstation Online/Offline Allow users to online/offline their own workstations.
 |  
        | 
permit
{
    [..]
    online,offline,getoff:
    {
host=tahoe      erco,jack       # erco and jack can control host tahoe
host=ontario    reid            # reid can control host ontario
host=+farm      erco            # erco can control all hosts in the +farm host group
    }
}
         |  
     
    
     See Also: |