[hobbit] restricting access to hobbit

s_aiello at comcast.net s_aiello at comcast.net
Thu Nov 15 20:53:07 CET 2007


On Thursday 15 November 2007, Tod Hansmann wrote:
> So what you are asking is to have one hobbit installation function in a
> manner equivalent to two hobbit installations.  The only reason the
> apache authentication stuff won't work is because the CGI-BIN stuff
> works on the raw data and/or memory state of hobbit's main
> functionality.  Thus, you would need to hack the code to do two things
> that it doesn't do currently:
>
> 1) You would need to get permissions built-in to bb-hosts
> interpretations, which would be trivial to have understood, but a lot of
> changes to do anything with that.  (Knowing there's a group A and B is
> one thing.  Knowing what to do with that knowledge is the harder part).
> 2) You would need to modify all the CGI programs to work on the separate
> data.
>
> This, in my estimation, is not at all what hobbit was designed for, and
> you'd be much better off just running two separate instances of hobbit.
> You can even run a third to combine the two sets of data into one (like
> we do) and only allow yourself to see that one.
>
> Am I missing something in my estimations here?
>
> Tod Hansmann
> Network Engineer
>

Getting 2 separate instances can be done by using Alternate Pagesets. See 
the Alternate Pagesets section under the bbgen man. That will not solve your 
issue with stopping a user group from maint'ing another group's devices, since 
the cgi dir isn't separate.

As to limiting users from ack'ing/maint'ing the other group's servers, you can 
look at a post I outlined long ago. The post is at:
http://www.hswn.dk/hobbiton/2007/07/msg00534.html

Not sure how this works with alternative page sets, but this should be enough 
for you to move forward and tweak accordingly.

 ~Steve


