This is correct and I expect this part to work. But all the tools
bypass this security. For example, If you run an sla report, it builds
a new directory structure and hence the user that ran the report can
see everything from the top level down. Also, the enable/disable menu
option lets you see all hosts, same with findhost or even if you muck
around with the hostsvc URL.
I was wondering if there was some way of either wrapping this
functionality with something that restricts the hosts (like as if
bbhostgrep is used as the input to all these functions or something).
Has anyone achieved this or is it not possible without changing the
source?
Phil
On 16/11/2007, *Iain Conochie* <user-c784e16a5170@xymon.invalid
<mailto:user-c784e16a5170@xymon.invalid>> wrote:
Josh Luthman wrote:With two groups of hosts you still only have one directory
accessible
by web. This means Apache HTTP authentication is out of the
question.
That's about all I can tell you =/
Not necessarily!
You can use the PAGE statement in bb-hosts and then you have a new
directory for each page and sub-page underneath. You can then use
apache
auth for that.
Then for the top level you can also use apache auth for admins
Cheers
Iain
On 11/15/07, *Phil Wild* <user-e365c1418192@xymon.invalid
<mailto:user-e365c1418192@xymon.invalid <mailto:user-e365c1418192@xymon.invalid>>> wrote:
No, not quite, I want to make a single hobbit install work
for two
groups of users, and I don't want group A to have any access to
see or do anything to Group B hosts and vice versa.
I am tryingto find out if there is a way of restricting the
reports/tools/executables to only run against a subset of the
hosts defined in bbhosts say like using bbgrep to filter on
a tag
or something for all functions.
Any ideas?
Phil
On 16/11/2007, *Josh Luthman* < user-4c45a83f15cb@xymon.invalid
<mailto:user-4c45a83f15cb@xymon.invalid>>> wrote:
The default Apache configuration that Hobbit makes for you
will specify requiring HTTP logins for the cgisec
directory.
Is this what you're looking for?
On 11/14/07, * Phil Wild* <user-e365c1418192@xymon.invalid
<mailto: user-e365c1418192@xymon.invalid
<mailto:user-e365c1418192@xymon.invalid>>> wrote:
Hello,
I am looking at setting up hobbit to manage two
groups of
hosts. I would prefer to just deploy one hobbit
installation for both groups. For most of the hobbit web
pages, Apache security solves a lot of the browsing
issues
but the cgi-bin executables and menus are the problem.
I want to make sure one group don't have access to
see or
make changes to the other groups hosts.
The areas I see a problem with are:
hobbit-enadis.sh
bb-findhost.sh
hobbit-confreport.sh
I would like to restrict the above to only work with a
subset of hosts (perhaps a tag in the bbhosts file)
The reports generate web pages on the fly and drop the
user at the top level page which is not what I would
prefer (each group have their own top level page etc.)
All nongreen view is also an issue
and lastly, manually modifying the URL based on
bb-hostsvc.sh to get to a web page for a host in the
other
groups list is also a problem.
Any ideas how I can address this?
Thanks
Phil
--
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
Those who don't understand UNIX are condemned to
reinvent it,
poorly.
--- Henry Spencer
--
Tel: XXXX XXX XXX
Fax: XXXX XXX XXX
email: user-e365c1418192@xymon.invalid <mailto:user-e365c1418192@xymon.invalid>
--
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX
Those who don't understand UNIX are condemned to reinvent it,
poorly.
--- Henry Spencer
--
Tel: XXXX XXX XXX
Fax: XXXX XXX XXX
email: user-e365c1418192@xymon.invalid <mailto:user-e365c1418192@xymon.invalid>