On Mon, Oct 01, 2007 at 09:41:36AM -0500, Aaron Kincaid wrote:
Hi, we have been setting up hobbit for our company over the last couple
of weeks and it is a brilliant product! We were originally planning on
allowing anyone within the company to see the pages, but now we have
been asked to limit access to each department head and the department
heads can only see the results for equipment in their department. We
have divided the bb-hosts file up using the PAGE function, but wanted to
know if there is a way to explicitly allow one or two people to see the
page for a specific department.
We also want to publish the site and use authentication to get to it,
what is the best way to meet both these goals?
Hobbit doesn't have any access controls built-in, so you need to
configure this through your webservers' access control mechanism.
These usually make it relatively straight-forward to secure access
to certain directories to a limited group of users. In Apache,
you'd put something like this in your config:
AuthType Basic
AuthName "Hobbit"
AuthUserfile "/etc/hobbit/users"
AuthGroupfile "/etc/hobbit/groups"
Alias /hobbit/ "/var/lib/hobbit/www/"
<Directory "/var/lib/hobbit/www">
Options Indexes FollowSymLinks Includes MultiViews
Order allow,deny
Allow from all
Require group admins
</Directory>
<Directory "/var/lib/hobbit/www/dept1/">
Require group admins dept1users
</Directory>
Note that you can also use .htaccess files to control this.
Then use the htpasswd utility to create users, and add users
to the "/etc/hobbit/group" file like
dept1users: john mick
admins: aaron
Regards,
Henrik
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk