On the module organization wiki, we''re got the following statement: To control access to the files in modules, the fileserver configuration can contain an explicit declaration of a ``modules`` module:: ... however, I thought the fileserver couldn''t define module or any section that is in the module paths. Has anyone tried this? And if it doesn''t work, is there some way to access control modules?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Digant C Kasundra wrote:> On the module organization wiki, we''re got the following statement: > > To control access to the files in modules, the fileserver configuration can > contain an explicit declaration of a ``modules`` module:: > > ... however, I thought the fileserver couldn''t define module or any section > that is in the module paths. Has anyone tried this? And if it doesn''t > work, is there some way to access control modules? >The explicit ''modules'' declaration is isn''t correct and I adjusted that page yesterday to reflect this - together with a bunch of other edits. Unless Luke chimes in I don''t believe there is a way to control access to files in modules? Regards James Turnbull - -- James Turnbull (james@lovedthanlost.net) - -- Author of: - - Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) - - Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) - - Hardening Linux (http://www.amazon.com/gp/product/1590594444/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHbdVg9hTGvAxC30ARAlMPAKCX3eu9cCS9JmAcDlRNf5ZoEtI7xACg11D8 lhES1+k3mKWHh8aLRypEcqQ=xxyC -----END PGP SIGNATURE-----
On Dec 22, 2007, at 9:26 PM, James Turnbull wrote:> The explicit ''modules'' declaration is isn''t correct and I adjusted > that > page yesterday to reflect this - together with a bunch of other edits. > > Unless Luke chimes in I don''t believe there is a way to control access > to files in modules?Just define the ''modules'' mount but don''t declare a path with it. Same with plugins in 0.24. -- It''s a small world, but I wouldn''t want to paint it. -- Stephen Wright --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Luke Kanies wrote:> On Dec 22, 2007, at 9:26 PM, James Turnbull wrote: > >> The explicit ''modules'' declaration is isn''t correct and I adjusted >> that >> page yesterday to reflect this - together with a bunch of other edits. >> >> Unless Luke chimes in I don''t believe there is a way to control access >> to files in modules? > > Just define the ''modules'' mount but don''t declare a path with it. > Same with plugins in 0.24. >Does that imply that you can only restrict file access to ALL modules - not on a per module basis? Regards James Turnbull - -- James Turnbull (james@lovedthanlost.net) - -- Author of: - - Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) - - Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) - - Hardening Linux (http://www.amazon.com/gp/product/1590594444/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHbdxw9hTGvAxC30ARAuadAJ402g2xJM0DPwDW3ru44UI1k7ubTgCfdRXG Rymul1ULv8xxoksJorg2Tt4=N0Uz -----END PGP SIGNATURE-----
On Dec 22, 2007, at 9:56 PM, James Turnbull wrote:> Does that imply that you can only restrict file access to ALL > modules - > not on a per module basis?Indeed it does; there''s currently no way to restrict per-module. Probably should, I suppose, but I hadn''t thought of it, and I guess David Lutterkort hadn''t either (he wrote all of this code). -- The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Luke Kanies wrote:> On Dec 22, 2007, at 9:56 PM, James Turnbull wrote: > >> Does that imply that you can only restrict file access to ALL >> modules - >> not on a per module basis? > > Indeed it does; there''s currently no way to restrict per-module. > Probably should, I suppose, but I hadn''t thought of it, and I guess > David Lutterkort hadn''t either (he wrote all of this code). >This is where my confusion stemmed from yesterday when we were discussing explicit versus implied mounts! Now I get it. *slaps head*. It''ll update the page to reflect this. Cheers James - -- James Turnbull (james@lovedthanlost.net) - -- Author of: - - Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) - - Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) - - Hardening Linux (http://www.amazon.com/gp/product/1590594444/) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHbeMN9hTGvAxC30ARApP/AJ9bgBcjcnE/hKCrDJQTK4JpwgCgYQCg13Ec PFOHf4eJyHbGJ8qcwqafWt0=tX1F -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James Turnbull wrote:> Luke Kanies wrote: >> On Dec 22, 2007, at 9:56 PM, James Turnbull wrote: > >>> Does that imply that you can only restrict file access to ALL >>> modules - >>> not on a per module basis? >> Indeed it does; there''s currently no way to restrict per-module. >> Probably should, I suppose, but I hadn''t thought of it, and I guess >> David Lutterkort hadn''t either (he wrote all of this code). >I''ve updated the Wiki ModuleOrganisation page to reflect the current behaviour. Regards James Turnbull -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHb7BW9hTGvAxC30ARAhQBAKC10JxG72Ywrp2MH/wHmwozNQHgygCfXjrK 84Kwe5mM6SCVV01Ln78MqzA=ZF28 -----END PGP SIGNATURE-----