RZ Ruzor Docs

Files, accounts, access

Configuration

Rust-native Pyzor-compatible client and server documentation.

Homedir

Ruzor uses ~/.ruzor when HOME is set, otherwise /etc/ruzor. Relative paths from configuration files resolve inside the homedir.

FilePurpose
serversClient server list, one host:port per line.
accountsClient account credentials for authenticated servers.
whitelistClient-side digest whitelist.
ruzord.passwdServer account key database.
ruzord.accessServer ACL rules.
ruzord.dbDefault gdbm digest database.

Client Configuration

[client]
ServersFile = servers
AccountsFile = accounts
LogFile = client.log
LocalWhitelist = whitelist
Timeout = 5
Style = msg
ReportThreshold = 0
WhitelistThreshold = 0

Server Configuration

[server]
Port = 24441
ListenAddress = 0.0.0.0
LogFile = pyzord.log
UsageLogFile = pyzord-usage.log
PidFile = ruzord.pid
PasswdFile = ruzord.passwd
AccessFile = ruzord.access
Engine = gdbm
DigestDB = ruzord.db
CleanupAge = 0
ProxySources = public.pyzor.org
Threads = false
Processes = false
PreFork = 0

ProxySources is optional. It mirrors --proxy-source, accepts comma-separated host[:port] sources, and only affects local check misses. Positive upstream matches are cached locally; empty matches and upstream errors are skipped.

Accounts

Accounts let a server grant permissions beyond anonymous defaults. The user generates a salt and key, stores salt plus key in the client accounts file, and sends only the key material to the server operator.

ruzor genkey

# ~/.ruzor/accounts
public.ruzor.org : 24441 : alice : SALT,KEY

# /var/lib/ruzor/ruzord.passwd
alice : KEY

Access File

If no access file exists, anonymous users may check, report, ping, pong, and info. Whitelisting is denied by default.

# Allow anonymous checks and reports.
check report ping pong info : anonymous : allow

# Allow one authenticated user to whitelist too.
check report ping pong info whitelist : alice : allow

# Deny rule example.
whitelist : anonymous : deny