The authentication file, normally stored in
users.cfg unless configured differently, stores a set of permissions groups for different authenticated users.
The format is pretty simple:
[admin] http://example.com/ mailto:email@example.com [friends] mailto:firstname.lastname@example.org mailto:email@example.com http://example.com/~friend/ good-friends [enemies] mailto:firstname.lastname@example.org http://tumblr.com/ [good-friends] https://beesbuzz.biz/
Simply put, each group is indicated by
[group_name], and each line after the group name indicates the authenticated identities (and other groups) which are a part of that group. So, in this case, anyone who is in the
good-friends group will also be in the
friends group. All identities are given as full URIs.
Identities can also be used as a group name, to help manage those folks who have more than one identity that you want to treat equivalently; for example:
[https://beesbuzz.biz] mailto:email@example.com ; Twitter URLs *must* include the user ID; this helps prevent spoofing. ; You can get the full user URL from the authentication log (/_admin) https://twitter.com/fluffy#993171 https://queer.party/@fluffy
This will give the identities
https://queer.party/@fluffy membership in all groups that
https://beesbuzz.biz is in as well.
Any identities which belong to the administrative group (which is
admin by default but can configured differently) will have access to all entries, as well as the administrative dashboard. Otherwise, users are subject to the permissions system.
You can also start a line with
; to indicate that it is a comment.