From: oetiker <oetiker@a5681a0c-68f1-0310-ab6d-d61299d08faa>
Date: Sun, 16 Aug 2009 22:22:26 +0000 (+0000)
Subject: From: Florian Forster <octo@leeloo.lan.home.verplant.org>
X-Git-Url: https://git.octo.it/?p=rrdtool.git;a=commitdiff_plain;h=45fb79dd5d7871bc7a80821ad198bc70d43fdf2e;hp=45fb79dd5d7871bc7a80821ad198bc70d43fdf2e

From: Florian Forster <octo@leeloo.lan.home.verplant.org>

This patch introduces per-socket, per-command permissions to the RRD
caching daemon, RRDCacheD. This allows administrators to limit access to
the daemon in a fine-grained manner.

The patch removes the command line option `-L' and introduces `-P'
instead. The option must appear *before* the `-l' option and the given
permissions are set for all following sockets or another `-P' option.

For example:

  rrdcached -P FLUSH,PENDING -l 10.2.3.4 -P UPDATE -l unix:/some/path

Allow `FLUSH' and `PENDING' commands to clients connected via IPv4
networking and `UPDATE' to clients connected via a UNIX domain socket
only.

There are a couple of exceptions:

  - The commands `HELP' and `QUIT' are always allowed.
  - If the command `BATCH' is allowed, the command `.' is automatically
    allowed, too.

By default, i. e. if no `-P' option is specified, all commands will be
allowed. As a shortcut to reset the behavior to the default behavior,
you can use the slightly hackish `-P ""' syntax.

Signed-off-by: Florian Forster <octo@leeloo.lan.home.verplant.org>



git-svn-id: svn://svn.oetiker.ch/rrdtool/trunk/program@1892 a5681a0c-68f1-0310-ab6d-d61299d08faa
---