Thanks for the info. I gathered this was the case based on my reading, but I just wanted to make sure I didn't miss anything. I really don't want to hack all the scripts to provided this separation. The printer guys just need to know they don't mess with servers.

  ......Bruce

-----Original Message----- From: s_aiello at comcast.net [mailto:s_aiello at comcast.net] Sent: Friday, March 14, 2008 7:11 AM To: hobbit at hswn.dk Subject: Re: [hobbit] Securing CGI secure by monitored hosts

On Thursday 13 March 2008, White, Bruce wrote:

Hi all,

All these questions about securing hobbit has made me think about our hobbit set-up. Is there a way to secure the actions taken by scripts in the secure CGI directory to acting on specific listings in the bb-hosts file? We have one group responsible for printers which is completely different from the group responsible for servers. We would like to give the group responsible for printers the ability to put printers in maintenance mode, but would not want them to have the same access to servers. We are running a generic hobbit section of the httpd.conf file with users defined via the htpasswd command.

Out of the box, no Hobbit 4.2.0 does not have that feature. I implemented this function though by grouping devices on different pages. I then added to the cgi .sh scripts an authentication wrapper. Basically it checks a file that maps user name to pages the user has the authority to. So any device on the page, the user can put into maint via the device's info page. Since the Admin Enable/Disable function had more of a global scope, I severely limited it's access to a select few.

Hope this helps, ~Steve

To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk

Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Fellowes, Inc.