[hobbit] restricting access to hobbit

Tue Nov 20 16:07:22 CET 2007

Jerry, get coding!  =)

As that isn't a possibility right now, I guess the only solution is a whole
new Hobbit install - correct?

On 11/20/07, Jerry Yu <jjj863 at gmail.com> wrote:
>
> What Phil requested may be worthy of the status of a new feature:
> capability to segment hosts into groups, which in turn can be accessed
> and/or managed only by designated users/group.
> For some large installations with thousands of hosts, it seems to be a
> must-have instead of a nice-to-have.
>
> On Nov 15, 2007 7:36 PM, Phil Wild <philwild at gmail.com> wrote:
>
> > Thank you all,
> >
> > This is what I was kind of expecting. The path we are currently going to
> > take is to use Xen to run two versions on the one box. The virtual host idea
> > is interesting but I expect we would have problems with all the daemons.
> >
> > I was kind of hopting that all these functions used a common utility
> > like bbhostgrep or something to get the list of hosts from the bb-hosts tree
> > and if so, it may have been simple to modify along the lines of putting a
> > commented tag against hosts listed in bb-hosts.
> >
> > For the functions/reports that built directory structures I was thinking
> > that a wrapper could be used to put the authentication directives in the
> > right places.
> >
> > Cheers
> >
> > Phil
> >
> >
> > On 16/11/2007, s_aiello at comcast.net <s_aiello at comcast.net > wrote:
> > >
> > > On Thursday 15 November 2007, Tod Hansmann wrote:
> > > > So what you are asking is to have one hobbit installation function
> > > in a
> > > > manner equivalent to two hobbit installations.  The only reason the
> > > > apache authentication stuff won't work is because the CGI-BIN stuff
> > > > works on the raw data and/or memory state of hobbit's main
> > > > functionality.  Thus, you would need to hack the code to do two
> > > things
> > > > that is doesn't do currently:
> > > >
> > > > 1) You would need to get permissions built-in to bb-hosts
> > > > interpretations, which would be trivial to have understood, but a
> > > lot of
> > > > changes to do anything with that.  (Knowing there's a group A and B
> > > is
> > > > one thing.  Knowing what do with that knowledge is the harder part).
> > > > 2) You would need to modify all the CGI programs to work on the
> > > separate
> > > > datas.
> > > >
> > > > This, in my estimation, is not at all what hobbit was designed for,
> > > and
> > > > you'd be much better off just running two separate instances of
> > > hobbit.
> > > > You can even run a third to combine the two sets of data into one
> > > (like
> > > > we do) and only allow yourself to see that one.
> > > >
> > > > Am I missing something in my estimations here?
> > > >
> > > > Tod Hansmann
> > > > Network Engineer
> > > >
> > >
> > > To get 2 separate instances can be performed by using Alternate
> > > Pagesets. See
> > > the Alternate Pagesets section under the bbgen man. That will not
> > > solve your
> > > issue with stoping a user group from maint'ing another group's
> > > devices, since
> > > the cgi dir isn't separate.
> > >
> > > As to limiting users from ack'ing/maint'ing the other groups servers,
> > > you can
> > > look at a post I outlined long ago. The post is at:
> > > http://www.hswn.dk/hobbiton/2007/07/msg00534.html
> > >
> > > Not sure how this works with alternative page sets, but this should be
> > > enough
> > > for you to move forward and tweak accordingly.
> > >
> > > ~Steve
> > >
> > > To unsubscribe from the hobbit list, send an e-mail to
> > > hobbit-unsubscribe at hswn.dk
> > >
> > >
> > >
> >
> >
> > --
> >
> > Tel: 0400 466 952
> > Fax: 0433 123 226
> > email: philwild at gmail.com
> >
>
>

-- 
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20071120/ad03e1b6/attachment.html>