Access Control File (Linux only)
The Access Control file is used in Linux environments only. It should be modified when implementing custom tools that use the FileGet and or FilePut API calls. The control file access is not based on Contenta user login name or password, it allows.
If using custom tools that use FileGet or FilePut, know that there is a control file that is used to stipulate the security level for these two calls. The control file only affects API calls using FileGet and FilePut, it does not affect Contenta Explorer, Contenta Web, or any of the standard tools.
Security is controlled using the keywords and entries within the content access control file which must be located in /pdm/bin
This directory is a link to the database’s bin directory.
The control file access is not based on Contenta user login name or password, it allows access by all Contenta users through any software that utilizes the FileGet and/or FilePut calls.
See The contentaccess.ctl File and The Control File Keywords.
Database Control File Error
If there is a problem with the control file syntax, FileGet and FilePut are disabled and any attempt to use them results in the following error message from the Portal:
insufficient privileges to read/write file
If there is no control file present (contentaccess.dbname or contentaccess.ctl) an attempt to use FileGet or FilePut results in the error message:
control file error in ‘file’ command
The contentaccess.ctl File
The contentaccess.ctl file is delivered with the Contenta software in the Contenta_home/System directory path.
The file’s contents are commented-out (see Comments in the Control File). The file may be used as a template to create the database control file, contentaccess.dbname or a default, contentaccess.ctl file based on your environment.
Remember to remove the # comment character at the beginning of each line you want processed when using the delivered file as a template.
Make certain that the user who starts the portal service/process has read access to the control files. Do not provide write access to everyone or the integrity of the security that this file is to provide will be compromised.
#FILEPUT_FILEGET_FULL_ACCESS_TO_FILESYSTEM
#FILEGET_FULL_ACCESS_TO_FILESYSTEM
#FILEPUT_FULL_ACCESS_TO_FILESYSTEM
#FILEPUT_FILEGET_ENABLE_SUBDIRECTORY_ACCESS c:/temp
#FILEPUT_FILEGET_ENABLE c:/temp;e:/temp
#FILEGET_ENABLE_SUBDIRECTORY_ACCESS e:/temp
#FILEPUT_ENABLE_SUBDIRECTORY_ACCESS e:/temp
#FILEGET_ENABLE e:/temp
#FILEPUT_ENABLE e:/temp
Comments in the Control File
See Control File Keywords for an explanation of the file’s contents.
Comments are allowed in the control file as follows:
The line must start with the
#character; any line starting with the # character is considered a comment.Comment lines cannot begin with a space, tab, or any other symbol before the
#comment character.
Example
# Comment: Enabling read and write access to anything
FILEPUT_FILEGET_FULL_ACCESS_TO_SYSTEM
The Control File Keywords
Security can be controlled using the keywords and entries within the control file as follows:FILEPUT_FILEGET_FULL_ACCESS_TO_FILESYSTEM
Enables read and write access to anything (current functionality).
FILEGET_FULL_ACCESS_TO_FILESYSTEM
Enables read-only access to anything.
FILEPUT_FILEGET_ENABLE_SUBDIRECTORY_ACCESS
Enables read and write access to named directories, including sub-directories. This must be followed by lines containing the directory paths to which you are allowing access.
Example
FILEPUT_FILEGET_ENABLE_SUBDIRECTORY_ACCESS
Linux: FILEPUT_FILEGET_ENABLE_SUBDIRECTORY_ACCESS /work/xy
Windows: FILEPUT_FILEGET_ENABLE_SUBDIRECTORY_ACCESS c:\work\xy
In this case, all server pathnames that are passed to FileGet and FilePut would have to start with the path /work/xy — for example:
/work/xy/publish/pdf/picture.pdf
FILEGET_ENABLE_SUBDIRECTORY_ACCESS
Enables read-only access to named directories, including sub-directories.
This must be followed by lines containing the directory paths to which you are allowing access. For example, See The contentaccess.ctl File.
FILEPUT_FILEGET_ENABLE
Enables read and write access to named directories, excluding sub-directories. This must be followed by lines containing the directory paths to which you are allowing access. For example,
FILEGET_ENABLE
Enables read-only access to named directories, excluding sub-directories.
This must be followed by lines containing the directory paths to which you are allowing access. For example, see The contentaccess.ctl File.
The control file names must follow the naming convention as described below:
| File | Description |
|---|---|
| contentaccess.dbname | Where dbname is the name of the Contenta database, for example: contentaccess.apidoc This file is used for access within the database denoted by the (dbname) filename extension. The contentaccess.dbname file is not required. However, if there is no control file (contentaccess.dbname or contentacccess.ctl), FileGet and FilePut are disabled and and an error is returned by the API (see Database Control File Error). There can be multiple contentaccess.dbname files. In the case of multiple files, the database name control files override the contentaccess.ctl file for the named databases only. |
| contentaccess.ctl | This file is used for access within any database on the system. The contentaccess.ctl file is the default for any database that is not named in a content access filename—that is, contentaccess.dbname. The contentaccess.ctl file is not required. However, if there is no control file (contentaccess.dbname or contentacccess.ctl), FileGet and FilePut are disabled and and an error is returned by the API (see Database Control File Error). A sample file is delivered in the Contenta_home/System directory. |