[hobbit] restricting access to hobbit
Tod Hansmann
thansmann at directpointe.com
Thu Nov 15 17:14:02 CET 2007
So what you are asking is to have one hobbit installation function in a
manner equivalent to two hobbit installations. The only reason the
apache authentication stuff won't work is because the CGI-BIN stuff
works on the raw data and/or memory state of hobbit's main
functionality. Thus, you would need to hack the code to do two things
that is doesn't do currently:
1) You would need to get permissions built-in to bb-hosts
interpretations, which would be trivial to have understood, but a lot of
changes to do anything with that. (Knowing there's a group A and B is
one thing. Knowing what do with that knowledge is the harder part).
2) You would need to modify all the CGI programs to work on the separate
datas.
This, in my estimation, is not at all what hobbit was designed for, and
you'd be much better off just running two separate instances of hobbit.
You can even run a third to combine the two sets of data into one (like
we do) and only allow yourself to see that one.
Am I missing something in my estimations here?
Tod Hansmann
Network Engineer
-----Original Message-----
From: Iain Conochie [mailto:iain at shihad.org]
Sent: Thursday, November 15, 2007 8:58 AM
To: hobbit at hswn.dk
Subject: Re: [hobbit] restricting access to hobbit
Josh Luthman wrote:
> I've never used the PAGE statement, but I was under the impression it
> was just going to put the following hosts in www/newpage.html instead
> of www/bb.html - same directory. Is this not so?
Nope. Using "PAGE NewPage This is a new page!" statement creates a
directory NewPage and there is an index.html file under that
Iain
>
> On 11/15/07, *Iain Conochie* <iain at shihad.org
> <mailto:iain at shihad.org>> wrote:
>
> Josh Luthman wrote:
> > With two groups of hosts you still only have one directory
> accessible
> > by web. This means Apache HTTP authentication is out of the
> question.
> >
> > That's about all I can tell you =/
>
> Not necessarily!
>
> You can use the PAGE statement in bb-hosts and then you have a new
> directory for each page and sub-page underneath. You can then use
> apache
> auth for that.
>
> Then for the top level you can also use apache auth for admins
>
> Cheers
>
> Iain
>
> >
> > On 11/15/07, *Phil Wild* <philwild at gmail.com
> <mailto:philwild at gmail.com>
> > <mailto:philwild at gmail.com <mailto:philwild at gmail.com>>> wrote:
> >
> > No, not quite, I want to make a single hobbit install work
> for two
> > groups of users, and I don't want group A to have any access
to
> > see or do anything to Group B hosts and vice versa.
> >
> > I am tryingto find out if there is a way of restricting the
> > reports/tools/executables to only run against a subset of
the
> > hosts defined in bbhosts say like using bbgrep to filter on
> a tag
> > or something for all functions.
> >
> > Any ideas?
> >
> > Phil
> >
> >
> > On 16/11/2007, *Josh Luthman* < josh at imaginenetworksllc.com
> <mailto:josh at imaginenetworksllc.com>
> > <mailto:josh at imaginenetworksllc.com
> <mailto:josh at imaginenetworksllc.com>>> wrote:
> >
> > The default Apache configuration that Hobbit makes for
you
> > will specify requiring HTTP logins for the cgisec
> directory.
> > Is this what you're looking for?
> >
> >
> > On 11/14/07, * Phil Wild* <philwild at gmail.com
> <mailto:philwild at gmail.com>
> > <mailto: philwild at gmail.com
> <mailto:philwild at gmail.com>>> wrote:
> >
> > Hello,
> >
> > I am looking at setting up hobbit to manage two
> groups of
> > hosts. I would prefer to just deploy one hobbit
> > installation for both groups. For most of the hobbit
web
> > pages, Apache security solves a lot of the browsing
> issues
> > but the cgi-bin executables and menus are the
problem.
> >
> > I want to make sure one group don't have access to
> see or
> > make changes to the other groups hosts.
> >
> > The areas I see a problem with are:
> >
> > hobbit-enadis.sh
> > bb-findhost.sh
> > hobbit-confreport.sh
> >
> > I would like to restrict the above to only work with
a
> > subset of hosts (perhaps a tag in the bbhosts file)
> >
> > The reports generate web pages on the fly and drop
the
> > user at the top level page which is not what I would
> > prefer (each group have their own top level page
etc.)
> >
> > All nongreen view is also an issue
> >
> > and lastly, manually modifying the URL based on
> > bb-hostsvc.sh to get to a web page for a host in the
> other
> > groups list is also a problem.
> >
> > Any ideas how I can address this?
> >
> > Thanks
> >
> > Phil
> >
> >
> >
> >
> > --
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> >
> > Those who don't understand UNIX are condemned to
> reinvent it,
> > poorly.
> > --- Henry Spencer
> >
> >
> >
> >
> > --
> > Tel: 0400 466 952
> > Fax: 0433 123 226
> > email: philwild at gmail.com <mailto:philwild at gmail.com>
> <mailto:philwild at gmail.com <mailto:philwild at gmail.com>>
> >
> >
> >
> >
> > --
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> >
> > Those who don't understand UNIX are condemned to reinvent it,
> poorly.
> > --- Henry Spencer
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk <mailto:hobbit-unsubscribe at hswn.dk>
>
>
>
>
>
> --
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> Those who don't understand UNIX are condemned to reinvent it, poorly.
> --- Henry Spencer
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk
More information about the Xymon
mailing list