[ejabberd] Forbid parts of web administration I/F

Badlop badlop at gmail.com
Fri Jun 8 19:39:16 MSK 2012


On 8 June 2012 16:55, Bzzz <lazyvirus at gmx.com> wrote:
> Hi list,
>
> Knowing people for whom I'll install ejabberd, and they
> won't have a root access to the server, I'd like to
> forbid some parts of the web administration I/F to
> avoid bulls.
>
> Specifically, I don't want them to have access to:
> * ACLs
> * Access rules
> * Database configuration
>
> If it need "sub-admins", this is not a problem.

Basically, if I understood correctly, you want them to administer only
some vhosts, not the whole server.

For that, don't define such admins as server admins:
{acl, admin, {user, "user34", "example.org"}}. %% NO!

Instead, define them as admins of a specific vhost:
{host_config, "example.org",
 [
  {acl, admin, {user, "user34", "example.org"}}
 ]
}.

Or go to the webadmin and check yourself that those users are only
described as admins in the ACL pages of the corresponding vhosts, not
on the whole/root ACL page.


---
Badlop
ProcessOne


More information about the ejabberd mailing list