[ejabberd] Forbid parts of web administration I/F

CGS cgsmcmlxxv at gmail.com
Fri Jun 8 23:01:16 MSK 2012


On Fri, Jun 8, 2012 at 8:48 PM, Bzzz <lazyvirus at gmx.com> wrote:

> On Fri, 8 Jun 2012 20:20:42 +0200
> CGS <cgsmcmlxxv at gmail.com> wrote:
>
> > I don't know if you can do that with this version of Ejabberd
> > (basically, I don't suppose it will be practically at all for some
> > other users, if not even annoying - not even OS's have such
> > things),
>
> Don't agree: you can design sudoers and strictly limit their rights
> to only a few programs/daemons.
>

Yes, but an admin remains admin with full access (root user in most of the
Linux distros). You can work with groups and so on so forth (like for users
in ACL, ...), but, in the end, you have two main groups of users: regular
ones and root. So, whoever will have the admin password for your Ejabberd
installation will be able to do whatever he/she wants.


>
> > but I suppose you can make a backup of the database and
> > you can set a chron job to restore it periodically (if you don't
> > want to get your hands dirty and to signal the change in the
> > database and to trigger an external process which can revert the
> > change or approve it).
>
> I don't think I can do that as I'm the installer and I almost won't
> touch back the server (unless there's a failure, of course) - so I
> could reinstall a backup, but a starter one, so they'll lose all
> users setup etc.
>

Not necessary. If you keep a back up of only what you are interested in, no
data loss for the rest of the database. But for that, you need an
automation.


> My problem is not all people also add a backup server (which would
> be ideal and painless for me) as some already have their own backup
> solution often not Linux compatible.
>
> Tweaking the conffile is the ideal, if it is really impossible I can
> edit the source and strip the aforementioned functions, but I don't
> like that very much, essentially because if there's a security update
> everything will be wiped out.
>

That's why I proposed to work directly on the database.

CGS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20120608/434b5dd5/attachment.html>


More information about the ejabberd mailing list