Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. conserver>
  3. users
console rw access control
selsky at columbia
Nov 12, 2003, 4:59 PM
Post #1 of 3 (419 views)
Permalink
I'm migrating from consever 7.2.x to 8.0.x and I'm having some trouble
figuring out the configuration syntax for the access control that I was
doing before.

My 7.2.x conserver.passwd file looked like this:

abc123:*passwd*:aleph
*any*::any

So abc123 only gets access to "aleph" and everyone else gets access to
all consoles.

My configuration for 8.0.x looks like this:

default * {
logfile /var/log/consoles/&;
master localhost;
type host;
timestamp 1la;
rw *;
}
console aleph {
host terminalserver;
port 2001;
}
console alfalfa {
host terminalserver;
port 2002;
}
console almond {
host terminalserver;
port 2003;
}
access * {
trusted localhost;
}

Is there a way to negate "rw", so abc123 is denied access for all
consoles except aleph?

Thanks.
Re: console rw access control [ In reply to ]
bryan at conserver
Nov 13, 2003, 4:14 PM
Post #2 of 3 (406 views)
Permalink
On Wed, Nov 12, 2003 at 06:59:36PM -0500, Matt Selsky wrote:
> So abc123 only gets access to "aleph" and everyone else gets access to
> all consoles.

hmmm. yeah, that's a problem. such a simple case, and i didn't think
about it. gack. i'm not sure what to tell you right now. to get it to
work right, you'd have to list all your conserver users and build
groups. ugly. the second option is to wait a bit and let me fix it. i
should be able to a a "not" feature. so, you'd be able to use 'rw *;'
in the default items and then use 'rw !abc123;' in the specific console
(building an effective 'rw * !abc123;' option). anyway, it shouldn't be
too bad to implement this, looks like, so i can send you patches when i
get them, if you like.

Bryan
Re: console rw access control [ In reply to ]
selsky at columbia
Nov 13, 2003, 4:38 PM
Post #3 of 3 (403 views)
Permalink
> hmmm. yeah, that's a problem. such a simple case, and i didn't think
> about it. gack. i'm not sure what to tell you right now. to get it to
> work right, you'd have to list all your conserver users and build
> groups. ugly. the second option is to wait a bit and let me fix it. i
> should be able to a a "not" feature. so, you'd be able to use 'rw *;'
> in the default items and then use 'rw !abc123;' in the specific console
> (building an effective 'rw * !abc123;' option). anyway, it shouldn't be
> too bad to implement this, looks like, so i can send you patches when i
> get them, if you like.

That would be great. Thanks again.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal