ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-12-27 01:56:24 +08:00
Code Issues Projects Releases Packages Wiki Activity

doc: amend groupModify documentation

Browse source
This commit is contained in:
Stéphane Lesimple 2022-07-01 10:09:13 +00:00 committed by Stéphane Lesimple
parent 3956dc587b
commit 39e667f703
1 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
doc/sphinx/plugins/group-owner/groupModify.rst
View file

@ -14,16 +14,28 @@ Modify the configuration of a group
.. program:: groupModify .. program:: groupModify
.. option:: --group GROUP .. option:: --group GROUP
Name of the group to modify Name of the group to modify
.. option:: --mfa-required password|totp|any|none .. option:: --mfa-required password|totp|any|none
Enforce UNIX password requirement, or TOTP requirement, or any MFA requirement, when connecting to a server of the group Enforce UNIX password requirement, or TOTP requirement, or any MFA requirement, when connecting to a server of the group
.. option:: --guest-ttl-limit DURATION --idle-lock-timeout DURATION|0|-1 Overrides the global setting (`idleLockTimeout`), to the specified duration. If set to 0, disables `idleLockTimeout` for
this group. If set to -1, remove this group override and use the global setting instead.
--idle-kill-timeout DURATION|0|-1 Overrides the global setting (`idleKillTimeout`), to the specified duration. If set to 0, disables `idleKillTimeout` for
this group. If set to -1, remove this group override and use the global setting instead.
.. option:: --guest-ttl-limit DURATION
This group will enforce TTL setting, on guest access creation, to be set, and not to a higher value than DURATION, This group will enforce TTL setting, on guest access creation, to be set, and not to a higher value than DURATION,
set to zero to allow guest accesses creation without any TTL set (default) set to zero to allow guest accesses creation without any TTL set (default)
Note that `--idle-lock-timeout` and `--idle-kill-timeout` will NOT be applied for catch-all groups (having 0.0.0.0/0 in their server list).
If a server is in exactly one group an account is a member of, then its values of `--idle-lock-timeout` and `--idle-kill-timeout`, if set,
will prevail over the global setting. The global setting can be seen with `--osh info`.
Otherwise, the most restrictive setting (i.e. the one with the lower strictly positive duration) between
all the considered groups and the global setting, will be used.