Xymon Mailing List Archive

Ack & Enable/Disable - Limiting REMOTE_USER access.

list S Aiello
Tue, 31 Jul 2007 09:59:03 -0400
Message-Id: <user-5d339793d803@xymon.invalid>

All,

I have had the need to limit Apache-authenticated users' Ack & Maint access in Hobbit. This email will outline the procedure that I have created to do this. I hope this may be of some help or use to the community.

First I established two levels of access, global & limited. I limit users' access to devices by putting the devices they need Ack/Maint access to on a dedicated page. They are then granted Ack/Maint access to that dedicated page. Limited access users do not have access to the Administration --> Enable/disable Web GUI. They can only Maint devices via the device's info report. Global access is allowed to Ack any device & has access to the Admin Web GUI.

Access control is configured via a file I created, called server/etc/cgiauthext.cfg, and has the format:
Admin: .*
WebAdmin: web
netAdmin: (switches|routers)

The Admin user has global access. The WebAdmin user only has Ack & Maint access to any device on the /web page. The netAdmin user has Ack & Maint access to devices on the /switches and /routers pages. All users (Admin, WebAdmin, & netAdmin) need to have users with the same name created in Hobbit's Apache password file (server/etc/hobbitpasswd).

This limiting of access was done by modifying the cgi-secure/bb-ack.sh & cgi-secure/hobbit-enadis.sh wrappers. Basically I prepended some shell script logic to the wrapper script. The additions are provided in the hobbit-user_auth.txt attachment which is in the output of diff -u.

Disclaimer: I have no idea if these mods will work for you or your environment. These mods were created on a Linux platform. Please use at your own risk.

 ~Steve
Attachments (1)
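
The check described in the message, written out as an added example; it is not the code from the hobbit-user_auth.txt attachment, which this page does not include. The function name cgiauth_allowed, passing the page name as an argument, the accepted page-name characters and the handling of # comment lines are all assumptions.

```shell
# Added example: fail-closed REMOTE_USER check against a cgiauthext.cfg-style file.
# Assumption: the caller already knows which page the host is on; the email
# does not show how the attached patch derives it.
# cgiauth_allowed CFG USER PAGE -> exit status 0 only if USER may act on PAGE
cgiauth_allowed() {
    cfg=$1 user=$2 page=$3
    # Deny when the config is unreadable or the user/page is empty
    # (an empty REMOTE_USER means Apache did not authenticate the request).
    [ -r "$cfg" ] && [ -n "$user" ] && [ -n "$page" ] || return 1
    # Assumed page-name alphabet; anything else (newlines included) is denied.
    case $page in *[!A-Za-z0-9_/-]*) return 1 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank or comment (assumed)
        name=${line%%:*}
        [ "$name" = "$line" ] && continue            # no colon: malformed, skip
        [ "$name" = "$user" ] || continue            # exact, case-sensitive match
        pattern=${line#*:}
        pattern=${pattern#"${pattern%%[![:space:]]*}"}   # trim leading blanks
        [ -n "$pattern" ] || return 1
        # -x anchors the regex to the whole page name, so "web" does not
        # also grant "webmail"; a grep error (bad regex) counts as deny.
        if printf '%s\n' "$page" | grep -Eqx -- "$pattern"; then return 0; fi
        return 1                                     # first entry for the user decides
    done < "$cfg"
    return 1                                         # user not listed
}

# Constructed sample config with the three entries shown in the email.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
Admin: .*
WebAdmin: web
netAdmin: (switches|routers)
EOF

# Constructed user:page pairs; the last one has an empty user.
for t in Admin:routers WebAdmin:web WebAdmin:webmail netAdmin:web :web; do
    if cgiauth_allowed "$SAMPLE_CFG" "${t%%:*}" "${t#*:}"; then r=allow; else r=deny; fi
    echo "user='${t%%:*}' page='${t#*:}' -> $r"
done
```

In a wrapper the user argument would be "$REMOTE_USER", and the script should exit before calling the real CGI whenever the function returns non-zero.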