[ejabberd] Forbid parts of web administration I/F

CGS cgsmcmlxxv at gmail.com
Fri Jun 8 22:20:42 MSK 2012


Hi,

I don't know if you can do that with this version of Ejabberd (basically, I
don't suppose it will be practically at all for some other users, if not
even annoying - not even OS's have such things), but I suppose you can make
a backup of the database and you can set a chron job to restore it
periodically (if you don't want to get your hands dirty and to signal the
change in the database and to trigger an external process which can revert
the change or approve it).

That's my 2c suggestion.

CGS





On Fri, Jun 8, 2012 at 6:08 PM, Bzzz <lazyvirus at gmx.com> wrote:

> On Fri, 8 Jun 2012 17:39:16 +0200
> Badlop <badlop at gmail.com> wrote:
>
> >
> > Basically, if I understood correctly, you want them to administer
> > only some vhosts, not the whole server.
> >
> > [SNIP]
> >
> > Or go to the webadmin and check yourself that those users are only
> > described as admins in the ACL pages of the corresponding vhosts,
> > not on the whole/root ACL page.
>
> Not what I want: I wanna forbid only some options to them.
>
> i.e.: I know if I leave the database option reachable, one day or
> another a dumb ass will touch it, and then they'll call me saying
> it don't work anymore; of course, as usual, nobody will have done
> nothing, and I'll spend hours to find out what's happened.
>
> So, to be more precise, I don't want any sub-admins (or even admins,
> if it isn't possible to make a distinction between both) totally
> unable to (web)touch:
>
> * General:      * ACL
>                * Access Rules
>
> * VH(s):        * ACL
>                * Access Rules
>
> * Node(s):      * Database
>                * Backup
>                * Listened Ports
>                * Update
>
> NB: Most of the time there'll be only one VH, but for multi-VHs,
>    it should be the same restrictions.
>
> Of course, the best way would be to have one superadmin &
> some sub-admins, and keep the superadmin login for myself only;
> or if it is not possible, forbid (+hide?) these options from
> the web console, while leaving them accessible by ejabberdctl
> (as sub-admins won't have a server root access).
>
> JY
> --
> A can of ASPARAGUS, 73 pigeons, some LIVE ammo, and a FROZEN
> DAQUIRI!!
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120608/9234921e/attachment.html>


More information about the ejabberd mailing list