Startsida Utforska Hjälp
Logga in
TC
/
arozos-mirror
spegling av https://github.com/tobychui/arozos
1
0
Fork 0
Filer Ärenden 0 Wiki
Träd: 3ae55f653e
Grenar Taggar
arozos-mirror
/
docs
/
chapter
/
beta
/
17.md

17.md 3.5 KB
Historik

["10. Device Dependent Configuration Folder"]

Device Dependent Configuration Folder (DDCF)

Each ArOZ Online System Host Device (short for Host) would have a stand alone folder outside of the webroot that used to store user authentication information, device identifier (Device UUID), key pairs and cookies (cookieseed in ArOZ Online Term). The location of the directory is as follows. This is a very important folder that manages all the security configurations. In most cases, you do not want this folder to be disclosed to the public.

Windows 7 or above C:\AOB
Debian or Ubuntu Linux /etc/AOB/

Please make sure that PHP has the permission to write to these directories when you are initializing the system for the first time.

If you have licensed ArOZ Online System from the author and are planning to deploy the system on another cloud platform, you might need to customize the path for DDCF as most cloud systems forbid users to access system disks in VMs. The way to change the default DDCF will be editing the auth.php file. On the top section of the script, you will find two variables.

//Auth System Settings. DO NOT TOUCH THESE VALUES $maxAuthscriptDepth = 32; $sysConfigDir = ""; //Remember to end with "/" //You can get the following variable from any script that includes this auth script. */*** $sysConfigDir --> Location of the ArOZ Online Storage Directory, usually C:/AOB/ on Windows or /etc/AOB/ on Linux $rootPath --> Relative directory to root, in backslash format (aka ../) **/

Change $sysConfigDir to another directory which you have access to if necessary.

It is not recommended to change the DDCF path to a location inside webroot as this might bring serious security issues to the system.

Emergency Closure of ArOZ Online System

Under emergency situations, ArOZ Online System can be shut down by uncommenting just one line of code in auth.php. Look for the “aoAuth” header in the script and locate the following chunk of code at the top section of the auth.php.

//Uncomment the following line for emergency terminating all services on ArOZ Online System //header("HTTP/1.0 503 Service Unavailable"); echo "

ArOZ Online System on this site has been emergency shut down by system administrator.

"; exit(0); header('aoAuth: v1.0'); if (session_status() == PHP_SESSION_NONE) { session_start(); }

Uncomment the line with header("HTTP/1.0 503 Service Unavailable"); and the whole system will be in lock down mode unless this line has been commented again.

User Authentication

All the user authentication (including communication between clusters and user login information) is stored inside the DDCF. For cluster security key systems, please refer to the cluster section. For user authentication, it is stored under whitelist.config inside the DDCF. The format of the whitelist is in csv format and data is arranged as follows:

{username},{password in SHA512 hash}

Each entry will occupy a new line.

User Isolation

Some information of users will also be stored inside DDCF. These are the application generated data in which it is stored in this directory because users cannot access the directory directly with ArOZ File System. In most cases, these information are stored under users/{username}/ folder following the folder tree from AOR. (e.g. Audio module will store files under users/{username}/Audio/ ).

To get the configuration directory of the current user, refer to the “User Isolation” section.