[ejabberd] Forbid parts of web administration I/F
lazyvirus at gmx.com
Fri Jun 8 20:08:06 MSK 2012
On Fri, 8 Jun 2012 17:39:16 +0200
Badlop <badlop at gmail.com> wrote:
> Basically, if I understood correctly, you want them to administer
> only some vhosts, not the whole server.
> Or go to the webadmin and check yourself that those users are only
> described as admins in the ACL pages of the corresponding vhosts,
> not on the whole/root ACL page.
Not what I want: I wanna forbid only some options to them.
i.e.: I know if I leave the database option reachable, one day or
another a dumb ass will touch it, and then they'll call me saying
it don't work anymore; of course, as usual, nobody will have done
nothing, and I'll spend hours to find out what's happened.
So, to be more precise, I don't want any sub-admins (or even admins,
if it isn't possible to make a distinction between both) totally
unable to (web)touch:
* General: * ACL
* Access Rules
* VH(s): * ACL
* Access Rules
* Node(s): * Database
* Listened Ports
NB: Most of the time there'll be only one VH, but for multi-VHs,
it should be the same restrictions.
Of course, the best way would be to have one superadmin &
some sub-admins, and keep the superadmin login for myself only;
or if it is not possible, forbid (+hide?) these options from
the web console, while leaving them accessible by ejabberdctl
(as sub-admins won't have a server root access).
A can of ASPARAGUS, 73 pigeons, some LIVE ammo, and a FROZEN
More information about the ejabberd