| To: | Lukas Berk <lberk@xxxxxxxxxx>, fche@xxxxxxxxxx |
|---|---|
| Subject: | Re: [pcp] PMCD Access control question |
| From: | Chandana De Silva <chandana@xxxxxxxxxxxxx> |
| Date: | Mon, 10 Aug 2015 07:49:26 +1000 |
| Cc: | pcp@xxxxxxxxxxx |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <878u9np76y.fsf@xxxxxxxxxx> |
| References: | <1438916688.28237.48.camel@xxxxxxxxxxxxx> <878u9np76y.fsf@xxxxxxxxxx> |
| Reply-to: | chandana@xxxxxxxxxxxxx |
|
Lukas and Frank, Thanks for your response. I guess I did not read the man page carefully enough. Regards Chandana On Fri, 2015-08-07 at 09:19 -0400, Lukas Berk wrote: Hi, Chandana De Silva <chandana@xxxxxxxxxxxxx> writes: [...] > disallow ".*" : store; > disallow ":*" : store; > allow "local:*" : all; > > Does this mean that fetch is restricted to localhost, or is fetch > allowed from anywhere. In other words is ".* fetch" the default ? > I can currently access this particular host from any where, which > suggests ".*" Fetch operations are not restricted to the localhost with this configuation. In cases where there is no specific allow or disallow control statements applied to an operation (remote fetch's in this case), the default is to allow it. The first two lines disallow store operation from any IPv4 and IPv6 address, and then the third overrides that for the localhost case. I would suggest taking a look at man pmcd(1) for more details, specifically the 'Access Control Specification' section. Cheers, Lukas |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [pcp] Fixes SIGSEGV, 64-bit format specifiers, dlsym bug and IPC on Windows (#34), Diego Giagio |
|---|---|
| Next by Date: | pcp updates - qa + coverity fix for pmcpp, Ken McDonell |
| Previous by Thread: | Re: [pcp] PMCD Access control question, Lukas Berk |
| Next by Thread: | [pcp] Fixes SIGSEGV, 64-bit format specifiers, dlsym bug and IPC on Windows (#34), Diego Giagio |
| Indexes: | [Date] [Thread] [Top] [All Lists] |