On Mon, Oct 01, 2007 at 09:41:36AM -0500, Aaron Kincaid wrote:
Hi, we have been setting up hobbit for our company over the last couple of weeks and it is a brilliant product! We were originally planning on allowing anyone within the company to see the pages, but now we have been asked to limit access to each department head and the department heads can only see the results for equipment in their department. We have divided the bb-hosts file up using the PAGE function, but wanted to know if there is a way to explicitly allow one or two people to see the page for a specific department.
We also want to publish the site and use authentication to get to it, what is the best way to meet both these goals?
Hobbit doesn't have any access controls built-in, so you need to configure this through your webservers' access control mechanism. These usually make it relatively straight-forward to secure access to certain directories to a limited group of users. In Apache, you'd put something like this in your config:
AuthType Basic AuthName "Hobbit" AuthUserfile "/etc/hobbit/users" AuthGroupfile "/etc/hobbit/groups"
Alias /hobbit/ "/var/lib/hobbit/www/" <Directory "/var/lib/hobbit/www"> Options Indexes FollowSymLinks Includes MultiViews Order allow,deny Allow from all Require group admins </Directory>
<Directory "/var/lib/hobbit/www/dept1/"> Require group admins dept1users </Directory>
Note that you can also use .htaccess files to control this.
Then use the htpasswd utility to create users, and add users to the "/etc/hobbit/group" file like
dept1users: john mick admins: aaron
Regards, Henrik