Problems with Access Lists

Richard Passman rpassman at radime.com
Tue Feb 20 15:57:46 EST 2007 

Hi Jeff,

Thanks for the reply, we've been using Argus for nearly 2 years, but 
we're about to start offering individual customer access - hence the trials.

Jeff Weisberg wrote:

>| Using version 3.4 this config almost works;
>| (Users file needs an extra entry for the cust2 entry to be valid!)
>
>I do not understand. what do mean by 'needs an extra entry to be valid'?
>are you getting an error message somewhere?
>valid how?
>  
>
The last entry in the Users file doesn't seem to work. If I add a dummy 
entry (i.e. the cust3 in my users example) the the last but one entry 
works... confusing I know - let me try again...
Users File
argus        any        Top    root
staff    any         Top        staff
cust1    any    Top:Cust1    cust1
cust2    any    Top:Cust2    cust2

Cust2 access doesn't work

if I add an extra dummy entry
i.e.
argus        any        Top    root
staff    any         Top        staff
cust1    any    Top:Cust1    cust1
cust2    any    Top:Cust2    cust2
cust3    any    Top:Cust3    cust3

cust2 now works.

I haven't as yet found in the source, where you read the users file in, 
to see if I could find anything

>| i.e.user argus can get to everything,
>| user cust1 can just look at the data for cust1
>
>correct.
>is this not what you expected?
>  
>
yes - I was being complete with my explanations :-)

>
>| user cust2 can look and has the buttons for notifys, but gives a 
>| permissions error when trying to access the notifylists
>
>the notify-list, un-acked notify-list, and error-log are
>top-level system-wide lists, they are not per object. so
>the per-object acl is not used.
>
>  
>
Just as your email came in I found the code in the source that confirms 
this.

>but, in your config, you can say:
>	shownotiflist:	yes
>
>  
>
This seems to be on by default.

>and a list of notifications will be listed on each page
>for that particular object.
>
>
>| Using version Dev-20070218 subtle differences
>| user cust1 gets a permissions error when trying to look at its top page 
>
>previously, you could not mix and match between the simple-mode and
>extended-mode acl parameters. the current dev code lets you mix and
>match, but a) it hasn't been well tested yet, so there may still be
>some glitches and b) I've changed my mind at least twice recently on
>what exactly happens when mixing and matching. 
>
>  
>
Ok understand. More than happy to do some testing for you if you do more 
revisions. We want to be able to allow the customer to ack their notifys 
only but I can see now that this may be difficult to implement.

Thanks

More information about the Arguslist mailing list