author | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Sun, 16 Aug 2009 22:22:26 +0000 (22:22 +0000) | ||
committer | oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa> | |
Sun, 16 Aug 2009 22:22:26 +0000 (22:22 +0000) | ||
commit | 45fb79dd5d7871bc7a80821ad198bc70d43fdf2e | |
tree | 2186be206b22595bdaf0d4b9c08e5608cd29fcec | tree | snapshot |
parent | 2ede02bffc36ad8e2aff1b55c548bc780e11b1d2 | commit | diff |
From: Florian Forster <octo@leeloo.lan.home.verplant.org>
This patch introduces per-socket, per-command permissions to the RRD
caching daemon, RRDCacheD. This allows administrators to limit access to
the daemon in a fine-grained manner.
The patch removes the command line option `-L' and introduces `-P'
instead. The option must appear *before* the `-l' option and the given
permissions are set for all following sockets or another `-P' option.
For example:
rrdcached -P FLUSH,PENDING -l 10.2.3.4 -P UPDATE -l unix:/some/path
Allow `FLUSH' and `PENDING' commands to clients connected via IPv4
networking and `UPDATE' to clients connected via a UNIX domain socket
only.
There are a couple of exceptions:
- The commands `HELP' and `QUIT' are always allowed.
- If the command `BATCH' is allowed, the command `.' is automatically
allowed, too.
By default, i. e. if no `-P' option is specified, all commands will be
allowed. As a shortcut to reset the behavior to the default behavior,
you can use the slightly hackish `-P ""' syntax.
Signed-off-by: Florian Forster <octo@leeloo.lan.home.verplant.org>
git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk/program@1892 a5681a0c-68f1-0310-ab6d-d61299d08faa
This patch introduces per-socket, per-command permissions to the RRD
caching daemon, RRDCacheD. This allows administrators to limit access to
the daemon in a fine-grained manner.
The patch removes the command line option `-L' and introduces `-P'
instead. The option must appear *before* the `-l' option and the given
permissions are set for all following sockets or another `-P' option.
For example:
rrdcached -P FLUSH,PENDING -l 10.2.3.4 -P UPDATE -l unix:/some/path
Allow `FLUSH' and `PENDING' commands to clients connected via IPv4
networking and `UPDATE' to clients connected via a UNIX domain socket
only.
There are a couple of exceptions:
- The commands `HELP' and `QUIT' are always allowed.
- If the command `BATCH' is allowed, the command `.' is automatically
allowed, too.
By default, i. e. if no `-P' option is specified, all commands will be
allowed. As a shortcut to reset the behavior to the default behavior,
you can use the slightly hackish `-P ""' syntax.
Signed-off-by: Florian Forster <octo@leeloo.lan.home.verplant.org>
git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk/program@1892 a5681a0c-68f1-0310-ab6d-d61299d08faa
doc/rrdcached.pod | diff | blob | history | |
src/rrd_daemon.c | diff | blob | history |