Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: compsos on March 30, 2009, 02:02:54 AM
-
Is there a way to open the Sarg reports to other users/groups to avoid the opening up of the admin password?
Thanks
-
Hello,
i havent tested it but if u install the user-manager-panel and proxy-users it should work.
Have a look here: http://www.dungog.net/wiki/Dungog-proxyusers
Greetings
Lance
-
User access is controlled from the template /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess20sarg. DOwn the bottom (line 28) you will see:
require user admin
So create a custom template and add your admin group in:
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess20sarg /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
Now add the following change to the custom template
require group ntadmins
require user admin
Replace ntadmins with whatever group you wish to grant access to.
Then expand the template and test the generated file:
expand-template /etc/httpd/conf/httpd.conf
httpd -t
If everything checks out, restart Apache:
service httpd-e-smith restart
-
Wow, David, thats a cool way.
But here another way:
Using NCSA Auth login
If you are using ncsa auth, create the user & password authentication list (you don't require users to be valid sme users)
touch /etc/proxyusers
Enter user names & password combinations one by one using this command
htpasswd -b /etc/proxyusers username password
You can test the authentication list using the following command
/usr/lib/squid/ncsa_auth /etc/proxyusers
Then enter the username & password when asked
You will see a ERR or OK response
-
lancelet: proxy users works for proxy access, not access to the Sarg reports. The OP talks about "open[ing] the Sarg reports to other users/groups to avoid the [distribution] of the admin password".
-
Thanks David
Once I put the group in the server-manager link returned
"Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@domainname and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log."
Comment out the require group command and all is OK. The group name is "manager" so will try another just in case of reserved word issue.
-
No group name did not make any difference. Add require group and the link failed.
This looks like the best clue
"configuration error: couldn't check access. No groups file?: /squid, referer: https://domainname/server-manager/navigation"
I will try on another system and see if I get the same results
-
David
It works with a new file
/usr/local/apache/passwd/passwords
containing
GroupName: user1 user2 user3 etc
-
Great, glad you sorted it out.
IMHO the ability to add multiple users and/or groups should be added as a feature. If you like, you can file an NFR bug report.
-
On the overall design of SME would using this password file just be a break in design? I would have thought it should link back to the main password file rather than a new one. There is also another command of require valid_user but that would probably open it up to all local users. Not quite what management are wanting as a background usage review.
-
I'm not sure exactly how snoble (smeserver-sarg maintainer) would make it work, but it's probably worth investigating.
-
Any admin panel can be delegated to selected users with the usermanager
http://www.dungog.net/wiki/Usermanager
-
Does that work for Sarg too? When I looked at the template I figured the answer was no.
-
You could be right,
the panels that insert application data into /server-manager and prompt a second time for admin password probably won't work
working out why it prompts again, would be a better fix than working around each panel
-
Looking at the file referenced earlier (90e-smithAccess20sarg), Sarg is just using a basic 'require' statement.