[hobbit] restricting access to hobbit

Phil Wild philwild at gmail.com
Fri Nov 16 01:36:25 CET 2007


Thank you all,

This is what I was kind of expecting. The path we are currently going to
take is to use Xen to run two versions on the one box. The virtual host idea
is interesting but I expect we would have problems with all the daemons.

I was kind of hopting that all these functions used a common utility like
bbhostgrep or something to get the list of hosts from the bb-hosts tree and
if so, it may have been simple to modify along the lines of putting a
commented tag against hosts listed in bb-hosts.

For the functions/reports that built directory structures I was thinking
that a wrapper could be used to put the authentication directives in the
right places.

Cheers

Phil


On 16/11/2007, s_aiello at comcast.net <s_aiello at comcast.net> wrote:
>
> On Thursday 15 November 2007, Tod Hansmann wrote:
> > So what you are asking is to have one hobbit installation function in a
> > manner equivalent to two hobbit installations.  The only reason the
> > apache authentication stuff won't work is because the CGI-BIN stuff
> > works on the raw data and/or memory state of hobbit's main
> > functionality.  Thus, you would need to hack the code to do two things
> > that is doesn't do currently:
> >
> > 1) You would need to get permissions built-in to bb-hosts
> > interpretations, which would be trivial to have understood, but a lot of
> > changes to do anything with that.  (Knowing there's a group A and B is
> > one thing.  Knowing what do with that knowledge is the harder part).
> > 2) You would need to modify all the CGI programs to work on the separate
> > datas.
> >
> > This, in my estimation, is not at all what hobbit was designed for, and
> > you'd be much better off just running two separate instances of hobbit.
> > You can even run a third to combine the two sets of data into one (like
> > we do) and only allow yourself to see that one.
> >
> > Am I missing something in my estimations here?
> >
> > Tod Hansmann
> > Network Engineer
> >
>
> To get 2 separate instances can be performed by using Alternate Pagesets.
> See
> the Alternate Pagesets section under the bbgen man. That will not solve
> your
> issue with stoping a user group from maint'ing another group's devices,
> since
> the cgi dir isn't separate.
>
> As to limiting users from ack'ing/maint'ing the other groups servers, you
> can
> look at a post I outlined long ago. The post is at:
> http://www.hswn.dk/hobbiton/2007/07/msg00534.html
>
> Not sure how this works with alternative page sets, but this should be
> enough
> for you to move forward and tweak accordingly.
>
> ~Steve
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>


-- 
Tel: 0400 466 952
Fax: 0433 123 226
email: philwild at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20071116/d72a6d9f/attachment.html>


More information about the Xymon mailing list