src/main/features/base-repoinit.txt - sling-org-apache-sling-starter - Git at Google

 #
 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
 #  distributed with this work for additional information
 #  regarding copyright ownership.  The ASF licenses this file
 #  to you under the Apache License, Version 2.0 (the
 #  "License"); you may not use this file except in compliance
 #  with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing,
 #  software distributed under the License is distributed on an
 #  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 #  KIND, either express or implied.  See the License for the
 #  specific language governing permissions and limitations
 #  under the License.
 #

 # general
 create path (sling:OrderedFolder) /content
 set ACL for everyone
     allow   jcr:read   on /content
 end

 # sling-readall
 create service user sling-readall with path system/sling

 set principal ACL for sling-readall
     allow   jcr:read    on /
 end

 # sling-xss
 create service user sling-xss with path system/sling

 create path (sling:Folder) /apps/sling/xss

 set principal ACL for sling-xss
     allow   jcr:read    on /apps/sling/xss
 end

 # sling-jcr-install
 create service user sling-jcr-install with path system/sling

 # used for config OSGi writeback
 create path (sling:Folder) /apps/sling/install

 set principal ACL for sling-jcr-install
     allow    rep:write    on /apps/sling/install
 end

 # content-package installer
 create service user sling-package-install with path system/sling

 set principal ACL for sling-package-install
     allow   jcr:all     on    /
     allow   jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement on :repository
 end
 #<<< SLING-5848 - Define service user and ACLs for Scripting
 create service user sling-search-path-reader with path system/sling

 create path (sling:Folder) /libs
 create path (sling:Folder) /apps

 set principal ACL for sling-search-path-reader
     allow   jcr:read    on /libs,/apps
 end
 # SLING-5848 - Define service user and ACLs for Scripting >>>
 #<<< SLING-9735 - Define service user and ACLs for jcr.contentloader
 create service user sling-jcr-content-loader with path system/sling
 set principal ACL for sling-jcr-content-loader
     allow jcr:all on /
 end
 # SLING-9735 - Define service user and ACLs for jcr.contentloader >>>
 #<<< SLING-9809 - Define service user and ACLs for jcr.usermanager
 create service user sling-jcr-usermanager with path system/sling
 set principal ACL for sling-jcr-usermanager
     allow jcr:read,jcr:readAccessControl,jcr:modifyAccessControl,rep:write,rep:userManagement on /home
 end
 # SLING-9809 - Define service user and ACLs for jcr.usermanager >>>

 # SLING-10597 - Simplify setup of resource resolution mappings
 create path (sling:Folder) /etc/map
 create path (sling:Folder) /etc/map/http
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#

	# general
	create path (sling:OrderedFolder) /content
	set ACL for everyone
	allow jcr:read on /content
	end

	# sling-readall
	create service user sling-readall with path system/sling

	set principal ACL for sling-readall
	allow jcr:read on /
	end

	# sling-xss
	create service user sling-xss with path system/sling

	create path (sling:Folder) /apps/sling/xss

	set principal ACL for sling-xss
	allow jcr:read on /apps/sling/xss
	end

	# sling-jcr-install
	create service user sling-jcr-install with path system/sling

	# used for config OSGi writeback
	create path (sling:Folder) /apps/sling/install

	set principal ACL for sling-jcr-install
	allow rep:write on /apps/sling/install
	end

	# content-package installer
	create service user sling-package-install with path system/sling

	set principal ACL for sling-package-install
	allow jcr:all on /
	allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement on :repository
	end
	#<<< SLING-5848 - Define service user and ACLs for Scripting
	create service user sling-search-path-reader with path system/sling

	create path (sling:Folder) /libs
	create path (sling:Folder) /apps

	set principal ACL for sling-search-path-reader
	allow jcr:read on /libs,/apps
	end
	# SLING-5848 - Define service user and ACLs for Scripting >>>
	#<<< SLING-9735 - Define service user and ACLs for jcr.contentloader
	create service user sling-jcr-content-loader with path system/sling
	set principal ACL for sling-jcr-content-loader
	allow jcr:all on /
	end
	# SLING-9735 - Define service user and ACLs for jcr.contentloader >>>
	#<<< SLING-9809 - Define service user and ACLs for jcr.usermanager
	create service user sling-jcr-usermanager with path system/sling
	set principal ACL for sling-jcr-usermanager
	allow jcr:read,jcr:readAccessControl,jcr:modifyAccessControl,rep:write,rep:userManagement on /home
	end
	# SLING-9809 - Define service user and ACLs for jcr.usermanager >>>

	# SLING-10597 - Simplify setup of resource resolution mappings
	create path (sling:Folder) /etc/map
	create path (sling:Folder) /etc/map/http