Topic: Sarg Reports

[compsos]

Is there a way to open the Sarg reports to other users/groups to avoid the opening up of the admin password?
Thanks

[lancelott2]

Hello,

i havent tested it but if u install the user-manager-panel and proxy-users it should work.
Have a look here: http://www.dungog.net/wiki/Dungog-proxyusers

Greetings

Lance

[David Harper]

User access is controlled from the template /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess20sarg. DOwn the bottom (line 28) you will see:

Code: [Select]

require user admin

So create a custom template and add your admin group in:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess20sarg /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

Now add the following change to the custom template

Code: [Select]

require group ntadmins
require user admin

Replace ntadmins with whatever group you wish to grant access to.

Then expand the template and test the generated file:

Code: [Select]

expand-template /etc/httpd/conf/httpd.conf
httpd -t

If everything checks out, restart Apache:

Code: [Select]

service httpd-e-smith restart


[lancelott2]

Wow, David, thats a cool way.

But here another way:
Using NCSA Auth login

If you are using ncsa auth, create the user & password authentication list (you don't require users to be valid sme users)

touch /etc/proxyusers

Enter user names & password combinations one by one using this command

htpasswd -b /etc/proxyusers username password

You can test the authentication list using the following command

/usr/lib/squid/ncsa_auth /etc/proxyusers

Then enter the username & password when asked

You will see a ERR or OK response

[David Harper]

lancelet: proxy users works for proxy access, not access to the Sarg reports. The OP talks about "open[ing] the Sarg reports to other users/groups to avoid the [distribution] of the admin password".

[compsos]

Thanks David

Once I put the group in the server-manager link returned
"Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, admin@domainname and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log."

Comment out the require group command and all is OK. The group name is "manager" so will try another just in case of reserved word issue.

[compsos]

No group name did not make any difference. Add require group and the link failed.

This looks like the best clue
"configuration error:  couldn't check access.  No groups file?: /squid, referer: https://domainname/server-manager/navigation"

I will try on another system and see if I get the same results

[compsos]

David
It works with a new file
/usr/local/apache/passwd/passwords
containing
GroupName: user1 user2 user3 etc

[David Harper]

Great, glad you sorted it out.

IMHO the ability to add multiple users and/or groups should be added as a feature. If you like, you can file an NFR bug report.

[compsos]

On the overall design of SME would using this password file just be a break in design? I would have thought it should link back to the main password file rather than a new one. There is also another command of require valid_user but that would probably open it up to all local users. Not quite what management are wanting as a background usage review.

[David Harper]

I'm not sure exactly how snoble (smeserver-sarg maintainer) would make it work, but it's probably worth investigating.

[stephen noble]

Any admin panel can be delegated to selected users with the usermanager

http://www.dungog.net/wiki/Usermanager

[David Harper]

Does that work for Sarg too? When I looked at the template I figured the answer was no.

[stephen noble]

You could be right,
the panels that insert application data into /server-manager and prompt a second time for admin password probably won't work

working out why it prompts again, would be a better fix than working around each panel

[David Harper]

Looking at the file referenced earlier (90e-smithAccess20sarg), Sarg is just using a basic 'require' statement.