Re: [hobbit] restricting access to hobbit

[Iain Conochie <iain (at) shihad.org>]

Josh Luthman wrote:
> With two groups of hosts you still only have one directory accessible 
> by web.  This means Apache HTTP authentication is out of the question.
>
> That's about all I can tell you =/

Not necessarily!

You can use the PAGE statement in bb-hosts and then you have a new 
directory for each page and sub-page underneath. You can then use apache 
auth for that.

Then for the top level you can also use apache auth for admins

Cheers

Iain

> On 11/15/07, *Phil Wild* <philwild (at) gmail.com 
> <mailto:philwild (at) gmail.com>> wrote:
>
>     No, not quite, I want to make a single hobbit install work for two
>     groups of users, and I don't want group A to have any access to
>     see or do anything to Group B hosts and vice versa.
>
>     I am tryingto find out if there is a way of restricting the
>     reports/tools/executables to only run against a subset of the
>     hosts defined in bbhosts say like using bbgrep to filter on a tag
>     or something for all functions.
>
>     Any ideas?
>
>     Phil
>
>
>     On 16/11/2007, *Josh Luthman* < josh (at) imaginenetworksllc.com
>     <mailto:josh (at) imaginenetworksllc.com>> wrote:
>
>         The default Apache configuration that Hobbit makes for you
>         will specify requiring HTTP logins for the cgisec directory.
>         Is this what you're looking for?
>
>
>         On 11/14/07, * Phil Wild* <philwild (at) gmail.com
>         <mailto:philwild (at) gmail.com>> wrote:
>
>             Hello,
>              
>             I am looking at setting up hobbit to manage two groups of
>             hosts. I would prefer to just deploy one hobbit
>             installation for both groups. For most of the hobbit web
>             pages, Apache security solves a lot of the browsing issues
>             but the cgi-bin executables and menus are the problem.
>              
>             I want to make sure one group don't have access to see or
>             make changes to the other groups hosts.
>              
>             The areas I see a problem with are:
>              
>             hobbit-enadis.sh 
>             bb-findhost.sh
>             hobbit-confreport.sh
>              
>             I would like to restrict the above to only work with a
>             subset of hosts (perhaps a tag in the bbhosts file)
>              
>             The reports generate web pages on the fly and drop the
>             user at the top level page which is not what I would
>             prefer (each group have their own top level page etc.)
>              
>             All nongreen view is also an issue
>              
>             and lastly, manually modifying the URL based on
>             bb-hostsvc.sh to get to a web page for a host in the other
>             groups list is also a problem.
>              
>             Any ideas how I can address this?
>              
>             Thanks
>              
>             Phil
>
>
>
>
>         -- 
>         Josh Luthman
>         Office: 937-552-2340
>         Direct: 937-552-2343
>         1100 Wayne St
>         Suite 1337
>         Troy, OH 45373
>
>         Those who don't understand UNIX are condemned to reinvent it,
>         poorly.
>         --- Henry Spencer 
>
>
>
>
>     -- 
>     Tel: 0400 466 952
>     Fax: 0433 123 226
>     email: philwild (at) gmail.com <mailto:philwild (at) gmail.com> 
>
>
>
>
> --
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> Those who don't understand UNIX are condemned to reinvent it, poorly.
> --- Henry Spencer