Configure OSSL function access

General

OSSL expands the function library for scripts in OpenSim, in addition to the LSL functions. Some functions are very powerful with high attack potential, which should not be usable for everyone in public accessible grids. One possible strategy is indeed to allow OSSL, but assign all of its functions with a “Threat Level” bigger than “VeryLow” to specific user groups with explicit permissions. This is the default.

In the “config-include” directory you will find a separate file “osslEnable.ini.example”, where the access rights to OSSL can be changed if necessary. To do this, the file must be renamed “osslEnable.ini” and edited as required. All available options and their default values can be found in the “osslDefaultEnable.ini” file, which, however, should not be edited directly.

In non-public grids, the privilege level can be raised on a flat-rate basis so that generally more OSSL functions are allowed. Allowed values: “None”, “VeryLow”, “Low”, “Moderate”, “High”, “VeryHigh”, “Severe”.

OSFunctionThreatLevel = "VeryLow"

Individual OSSL functions may be allowed for specific Avatar UUIDs, specific roles or in general. Alternatively, they can generally be banned. Multiple permissions can be specified separated with commas. Examples:

; true generally allows the use of the function.
; Allow_osSetRegionWaterHeight = true

; false generally prohibits the use of the function.
; Allow_osSetRegionWaterHeight = false

; Comma separated list of Avatar UUIDs allows the function for these Avatars.
; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, ..."

; Alternatively or additionally, the following roles can be allowed in the list:
; - PARCEL_GROUP_MEMBER:  Das Objekt ist in der selben Gruppe wie das Land.
; - PARCEL_OWNER:         Das Objekt gehört dem Landbesitzer.
; - ESTATE_MANAGER:       Das Objekt gehört einem Estate Manager.
; - ESTATE_OWNER:         Das Objekt gehört dem Estate Owner.
; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER, ..."

Variables can be defined in the ini-files of OpenSim. This is used in the osslEnable.ini so that you do not have to type the same values again and again in many places.
Example:

osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"

Note the comma after the last value! If a variable osslParcelOG has now been defined in section [OSSL], it can be used as follows. Note the missing comma, if more values shall be listed:

Allow_osGetAgents = "${OSSL|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER"

If the following is set to “true”, function permission errors are sent to the owner only, otherwise to all in script chat range.

PermissionErrorToOwner = false

Suggestions of individual settings

Note: The preconfigured permissions differ slightly between the different grids. If visitors are allowed to run scripts on the regions, without good reason should not be forbidden more functions as common in the respective grid. If individual scripts run “anywhere”, but not on your regions, visitors perceive this as a misconfiguration.

Many dance balls or teleporter scripts in OpenSim use OSSL functions to move avatars. For this reason, it is reasonable to allow this at least to the scripts installed in the regions.

Allow_osAvatarPlayAnimation =   "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osAvatarStopAnimation =   "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osForceDetachFromAvatar = "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osForceOtherSit =         "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osSetRot =                "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"

Continued: Database backup and restore for SQL

Scroll to Top