Configure OSSL function access

General

OSSL expands the function library for scripts in OpenSim, in addition to the LSL functions. Some functions are very powerful with high attack potential, which should not be usable for everyone in public accessible grids. One possible strategy is indeed to allow OSSL, but assign all of its functions with a “Threat Level” bigger than “VeryLow” to specific user groups with explicit permissions. This is the default.

Unless otherwise configured in OpenSim.ini, you will find a separate file “osslEnable.ini” in the directory “config-include”, where the access rights to OSSL are configured and can be changed if necessary.

If you use OSSL functions in your scripts, OSSL must be turned on. In the interest of the visitors, you should also do that, if scripts are allowed to run on the regions, because OSSL functions are now included in many freebie scripts.

AllowOSFunctions = true

In non-public grids, the privilege level can be raised on a flat-rate basis so that generally more OSSL functions are allowed. Allowed values: “None”, “VeryLow”, “Low”, “Moderate”, “High”, “VeryHigh”, “Severe”.

OSFunctionThreatLevel = "VeryLow"

Individual OSSL functions may be allowed for specific Avatar UUIDs, specific roles or in general. Alternatively, they can generally be banned. Multiple permissions can be specified separated with commas. Examples:

; true generally allows the use of the function.
; Allow_osSetRegionWaterHeight = true

; false generally prohibits the use of the function.
; Allow_osSetRegionWaterHeight = false

; Comma separated list of Avatar UUIDs allows the function for these Avatars.
; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, ..."

; Alternatively or additionally, the following roles can be allowed in the list:
; - PARCEL_GROUP_MEMBER:  Das Objekt ist in der selben Gruppe wie das Land.
; - PARCEL_OWNER:         Das Objekt gehört dem Landbesitzer.
; - ESTATE_MANAGER:       Das Objekt gehört einem Estate Manager.
; - ESTATE_OWNER:         Das Objekt gehört dem Estate Owner.
; Allow_osSetRegionWaterHeight = "888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER, ..."

Variables can be defined in the ini-files of OpenSim. This is used in the osslEnable.ini so that you do not have to type the same values again and again in many places.
Example:

osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"

Note the comma after the last value! If a variable osslParcelOG has now been defined in section [OSSL], it can be used as follows. Note the missing comma, if more values shall be listed:

Allow_osGetAgents = "${OSSL|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER"

Those who use Windlight settings on the regions usually also want visitors to be able to see them. They are transmitted with special OSSL functions, if allowed. Default is “false”, but in the OSGrid configuration the permission is already set to “true”. Verification:

 AllowLightShareFunctions = true

If the following is set to “true”, function permission errors are sent to the owner only, otherwise to all in script chat range. Not implemented in opensim-0.9.1.0.

PermissionErrorToOwner = false

Suggestions of individual settings

Note: The preconfigured permissions differ slightly between the different grids. If visitors are allowed to run scripts on the regions, without good reason should not be forbidden more functions as common in the respective grid. If individual scripts run “anywhere”, but not on your regions, visitors perceive this as a misconfiguration.

Many dance balls or teleporter scripts in OpenSim use OSSL functions to move avatars. For this reason, it is reasonable to allow this at least to the scripts installed in the regions.

Allow_osAvatarPlayAnimation =   "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osAvatarStopAnimation =   "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osForceDetachFromAvatar = "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osForceOtherSit =         "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"
Allow_osSetRot =                "${OSSL|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER"

Continued: Database backup and restore for SQL

Scroll to Top