Restricted consoles and profiles modification

Splits the restricted console and profile configuration into separate files and updates the install documentation as well as the makefiles.
bareos · Jun 1, 2015 · fa91388 · fa91388
1 parent 0b07726
commit fa91388
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 24 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -6,7 +6,8 @@ install: install-am
 
 	cp -pr init_autoloader.php config/ data/ module/ public/ vendor/ $(DESTDIR)$(pkgdatadir)
 	cp -p install/directors.ini $(DESTDIR)/etc/bareos-webui/directors.ini
-	$(INSTALL) -m 0640 install/bareos/bareos-webui.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-consoles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-profiles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
 	$(INSTALL) -m 0640 install/apache/bareos-webui.conf $(DESTDIR)@HTTPD_CONF@/
 
 #	#$(INSTALL_SCRIPT) install/bareos-webui-config $(DESTDIR)@sbindir@
diff --git a/Makefile.in b/Makefile.in
@@ -527,7 +527,8 @@ install: install-am
 
 	cp -pr init_autoloader.php config/ data/ module/ public/ vendor/ $(DESTDIR)$(pkgdatadir)
 	cp -p install/directors.ini $(DESTDIR)/etc/bareos-webui/directors.ini
-	$(INSTALL) -m 0640 install/bareos/bareos-webui.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-consoles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-profiles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
 	$(INSTALL) -m 0640 install/apache/bareos-webui.conf $(DESTDIR)@HTTPD_CONF@/
 
 #	#$(INSTALL_SCRIPT) install/bareos-webui-config $(DESTDIR)@sbindir@

diff --git a/doc/INSTALL.md b/doc/INSTALL.md
@@ -27,7 +27,13 @@ INSTALLATION
 
 ### PACKAGE BASED INSTALLATION
 
-Bareos-WebUI packages are available for a number of Linux distributions, see [Bareos contrib](http://download.bareos.org/bareos/contrib/) repository.
+Packages are available for a number of Linux distributions, please see:
+
+* [Version 14.2 (stable)](http://download.bareos.org/bareos/contrib/)
+* [Version 15.2 (experimental/nightly)](http://download.bareos.org/bareos/experimental/nightly/)
+
+**Note:** The experimental nightly webui build only works with and from Bareos 15.2 (experimental/nightly) onwards,
+as it makes use of the new JSON API.
 
 #### Step 1 - Adding the Repository
 
@@ -103,7 +109,7 @@ apt-get install bareos-webui
 
 ```
 
-#### Step 2 - Configuration of a restricted console
+#### Step 2 - Configuration of restricted consoles and profile resources
 
 You can have multiple Consoles with different names and passwords, sort of like multiple users, each with different privileges.
 As a default, these consoles can do absolutely nothing – no commands whatsoever. You give them privileges or rather access to
@@ -114,7 +120,7 @@ It is required to add at least one restricted named console in your director con
 The restricted named consoles, configured in your bareos-dir.conf, are used for authentication and access control. The name
 and password directives of the restricted consoles are the credentials you have to provide during authentication to the webui
 as username and password. For full access and functionality relating the director connection the following commands are
-currently needed by the webui and have to be made available via the CommandACL in your restricted consoles.
+currently needed by the webui and have to be made available via the CommandACL in your profile the restricted consoles uses.
 
 * status
 * messages
@@ -123,12 +129,22 @@ currently needed by the webui and have to be made available via the CommandACL i
 * run
 * rerun
 * cancel
-
-The package install provides a default configuration under /etc/bareos/bareos-dir.d/bareos-webui.conf, which has to be included
+* use
+* restore
+* list, llist
+* .api
+* .bvfs_update
+* .bvfs_lsdirs
+* .bvfs_lsfiles
+* .bvfs_versions
+* .bvfs_restore
+
+The package install provides a default console and profile configuration under /etc/bareos/bareos-dir.d/, which have to be included
 at the bottum of your /etc/bareos/bareos-dir.conf and edited to your needs.
 
 ```
-echo "@/etc/bareos/bareos-dir.d/bareos-webui.conf" >> /etc/bareos/bareos-dir.conf
+echo "@/etc/bareos/bareos-dir.d/webui-consoles.conf" >> /etc/bareos/bareos-dir.conf
+echo "@/etc/bareos/bareos-dir.d/webui-profiles.conf" >> /etc/bareos/bareos-dir.conf
 ```
 
 **Note:** Most parts of the webui still use a direct connection to the catalog database to retrieve data, so the configured ACL
@@ -137,24 +153,51 @@ or may be fine with the defaults provided in the example below. However, in futu
 will be droped and fully replaced by the native connection to the director itself.
 
 ```
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-consoles.conf
+#
+
 #
 # Restricted console used by bareos-webui
 #
 Console {
   Name = user1
-  Password = "password"
-  CommandACL = status, messages, show, version, run, rerun, cancel
+  Password = "CHANGEME"
+  Profile = webui
+}
+
+```
+For more details about console resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/master/html/bareos-manual-main-reference.html#ConsoleResource).
+
+```
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-profiles.conf
+#
+
+#
+# bareos-webui default profile resource
+#
+Profile {
+  Name = webui
+  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_*, list, llist, use, restore
   Job ACL = *all*
   Schedule ACL = *all*
   Catalog ACL = *all*
   Pool ACL = *all*
   Storage ACL = *all*
   Client ACL = *all*
   FileSet ACL = *all*
-  #Where ACL =
+  Where ACL = *all*
 }
+
 ```
-For more details about console resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/).
+For more details about profile resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/master/html/bareos-manual-main-reference.html#ProfileResource).
 
 **Note:** Do not forget to reload your new director configuration.
 

diff --git a/install/bareos/webui-consoles.conf b/install/bareos/webui-consoles.conf
@@ -0,0 +1,16 @@
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-consoles.conf
+#
+
+#
+# Restricted console used by bareos-webui
+#
+Console {
+  Name = user1
+  Password = "CHANGEME"
+  Profile = webui
+}
+
diff --git a/install/bareos/bareos-webui.conf → install/bareos/webui-profiles.conf b/install/bareos/bareos-webui.conf → install/bareos/webui-profiles.conf
@@ -2,24 +2,15 @@
 # Preparations:
 #
 # include this configuration file in bareos-dir.conf by
-# @/etc/bareos/bareos-dir.d/bareos-webui.conf
+# @/etc/bareos/bareos-dir.d/webui-profiles.conf
 #
 
-#
-# Restricted console used by bareos-webui
-#
-Console {
-  Name = user1
-  Password = "CHANGEME"
-  Profile = webui
-}
-
 #
 # bareos-webui default profile resource
 #
 Profile {
   Name = webui
-  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_update, .bvfs_lsdirs, .bvfs_lsfiles, .bvfs_versions, .bvfs_restore, list, llist, use, restore
+  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_*, list, llist, use, restore
   Job ACL = *all*
   Schedule ACL = *all*
   Catalog ACL = *all*

diff --git a/packaging/obs/bareos-webui.spec b/packaging/obs/bareos-webui.spec
@@ -92,6 +92,7 @@ rm -rf $RPM_BUILD_ROOT
 #attr(-, #daemon_user, #daemon_group) #{_datadir}/#{name}/data
 %dir /etc/bareos-webui
 %config(noreplace) /etc/bareos-webui/directors.ini
-%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/bareos-webui.conf
+%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/webui-consoles.conf
+%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/webui-profiles.conf
 %config(noreplace) %{_apache_conf_dir}/bareos-webui.conf