
                       CGIWrap - Access Control Files
     _________________________________________________________________

   CGIWrap   includes   faclities   similar  to  the  cron  facility  for
   controlling  who  can  access  scripts.  In  general, I don't use this
   facility  except  to  have a deny file available in those cases when I
   see   someone  abusing  cgi  scripts/extreme  CPU  utilization/obvious
   security hole/etc.

   Note  that  none  of  the  below  is effective unless you have enabled
   access control files when you configure and install CGIWrap.

  Access Control Logic

     * Neither file exists - Configuration Error
     * User in both files - Access Denied
     * Allow exists and user not in file - Access Denied
     * Deny exists and user in file - Access Denied
     * Otherwise - Access Allowed

   Basically,  in  order  for  a  user  to  be allowed to execute scripts
   through  cgiwrap:  If the allow file exists, the user has to be in it.
   If the deny file exists, the user can't be in it.

  File Format

   Without  the  host checking enabled, the format is just one userid per
   line. Same format as the cron allow and deny files.

   With host checking enabled, it is (i think):

   userid@xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy

   where x is the network and y is the mask. Userid can be * to match all
   users at that network/mask.
