Configure OSSL function access
In OpenSim Arriba OSSL is configured in the OpenSim.ini, namely in the section [XEngine]. All modification options described here are optional.
OSSL expands the function library for scripts in OpenSim, in addition to the LSL functions. Some functions are very powerful with high attack potential, which should not be usable for everyone in public accessible grids. One possible strategy is indeed to allow OSSL, but assign all of its functions with a “Threat Level” bigger than “VeryLow” to specific user groups with explicit permissions.
If guests are not allowed to run scripts on your regions (or they are not allowed to rez) and you do not use any OSSL functions in your scripts, you can generally disable OSSL. In Arriba it is turned on by default, in contrast to OpenSim 0.8 or 0.9.
; AllowOSFunctions = false
In non-public grids, the privilege level can be raised on a flat-rate basis so that generally more OSSL functions are allowed. Allowed values: “None”, “VeryLow”, “Low”, “Moderate”, “High”, “VeryHigh”, “Severe”.
[XEngine] ... OSFunctionThreatLevel = "VeryLow"
Individual OSSL functions may be allowed for specific Avatar UUIDs, specific roles or in general. Alternatively, they can generally be banned. Multiple permissions can be specified separated with commas. Examples:
; true generally allows the use of the function. ; Allow_osSetRegionWaterHeight = true ; false generally prohibits the use of the function. ; Allow_osSetRegionWaterHeight = false ; Comma separated list of Avatar UUIDs allows the function for these Avatars. ; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, ..." ; Alternatively or additionally, the following roles can be allowed in the list: ; - PARCEL_GROUP_MEMBER: Das Objekt ist in der selben Gruppe wie das Land. ; - PARCEL_OWNER: Das Objekt gehört dem Landbesitzer. ; - ESTATE_MANAGER: Das Objekt gehört einem Estate Manager. ; - ESTATE_OWNER: Das Objekt gehört dem Estate Owner. ; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER, ..."
Many dance balls or teleporter scripts in OpenSim use OSSL functions to move avatars. For this reason, it is reasonable to allow this at least to the scripts installed in the regions.
[XEngine] ... Allow_osAvatarPlayAnimation = "PARCEL_GROUP_MEMBER, PARCEL_OWNER, ESTATE_MANAGER, ESTATE_OWNER" Allow_osAvatarStopAnimation = "PARCEL_GROUP_MEMBER, PARCEL_OWNER, ESTATE_MANAGER, ESTATE_OWNER" Allow_osForceDetachFromAvatar = "PARCEL_GROUP_MEMBER, PARCEL_OWNER, ESTATE_MANAGER, ESTATE_OWNER" Allow_osForceOtherSit = "PARCEL_GROUP_MEMBER, PARCEL_OWNER, ESTATE_MANAGER, ESTATE_OWNER" Allow_osSetRot = "PARCEL_GROUP_MEMBER, PARCEL_OWNER, ESTATE_MANAGER, ESTATE_OWNER"
Continued: Database backup and restore for SQL