GuardDog

From WolfTech
Revision as of 11:35, 26 September 2006 by Djgreen (talk | contribs)

Note: Before accessing any options within GuardDog, you must select which virtual host you would like to edit. If you do not have a virtual host and would like to get one set up, please contact the WolfTech Webmaster at wolftech-webmaster@ncsu.edu.

Summary

GuardDog is a tool designed to manage the access privileges of users for multiple areas (directories on the webserver).

Access to areas is controlled at both user and group levels. By adding a group to an area you give access to this area to all users who are members of this group. It is still possible, however, to individually deny access to an area at the user level. When you deny a user access to an area, the user will not be allowed to access this area even if that user belongs to multiple groups that have access to it. That is, user deny restrictions override group access privileges.
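The precedence rule above, worked through as an added example (a model written for this page, not GuardDog's own code). It also follows groups nested inside groups, which the group sections of this page describe; the user, group and area names, the cycle tolerance and the default of no access without a grant are assumptions.

```python
# Added illustration of the precedence rule; not GuardDog's own code.
# All user, group and area names below are constructed.

def expand_groups(group, subgroups, seen=None):
    """Return `group` plus every group nested inside it, tolerating cycles."""
    seen = set() if seen is None else seen
    if group not in seen:
        seen.add(group)
        for child in subgroups.get(group, ()):
            expand_groups(child, subgroups, seen)
    return seen


def has_access(user, area, members, subgroups):
    """Decide access to one area: a user-level deny beats every grant."""
    if user in area["denied_users"]:
        return False
    if user in area["allowed_users"]:
        return True
    for granted in area["allowed_groups"]:
        for group in expand_groups(granted, subgroups):
            if user in members.get(group, ()):
                return True
    return False  # no matching grant: no access (assumed default)


MEMBERS = {"ece-faculty": {"alice", "bob"}, "ece-staff": {"bob"},
           "lab-admins": {"carol"}}
SUBGROUPS = {"lab-users": ["ece-faculty", "ece-staff", "lab-admins"],
             "lab-admins": ["lab-users"]}  # deliberate cycle
AREA = {"allowed_groups": ["lab-users"], "allowed_users": {"dave"},
        "denied_users": {"bob"}}  # bob is in two granted groups


def report():
    """Evaluate the constructed users against the constructed area."""
    return {u: has_access(u, AREA, MEMBERS, SUBGROUPS)
            for u in ("alice", "bob", "carol", "dave", "eve")}


if __name__ == "__main__":
    for user, allowed in report().items():
        print(f"{user:6} {'allow' if allowed else 'deny'}")
```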

Overview of How GuardDog Works

GuardDog creates .htaccess files to define which users can access a webserver directory. Management of users and groups and their access to areas is a fundamental part of controlling access to an area, but before any restrictions will be in place, you must create a symbolic link to the .htaccess file that GuardDog generates and place this symbolic link in the webserver directory that is to be protected.

Once a symbolic link is created in the directory of the area to be protected, any changes made to the access privileges of this area in GuardDog will be reflected immediately. That is, you do not have to recreate the symbolic link or update any code in the protected area for the changes to go into effect.
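Because an area is only protected once the symbolic link is in place, it is worth checking the link itself. The following is an added example, not part of GuardDog: it assumes the link in the protected directory is named `.htaccess`, and the directory and file names in `demo()` are constructed.

```python
import os
import shutil
import tempfile


def check_area_link(area_dir, generated_file, link_name=".htaccess"):
    """Classify the access file in area_dir against the generated file."""
    link = os.path.join(area_dir, link_name)
    if not os.path.lexists(link):
        return "missing"          # no link: GuardDog's rules are not applied
    if not os.path.islink(link):
        return "not-a-symlink"    # a copy will not follow later changes
    if not os.path.exists(link):
        return "dangling"         # link target no longer exists
    if os.path.realpath(link) != os.path.realpath(generated_file):
        return "wrong-target"     # points at a different file
    return "ok"


def demo():
    """Build constructed areas in a temp dir and classify each one."""
    with tempfile.TemporaryDirectory() as root:
        gen_dir = os.path.join(root, "guarddog")
        os.makedirs(gen_dir)
        mine = os.path.join(gen_dir, "area1.htaccess")
        other = os.path.join(gen_dir, "area2.htaccess")
        for path in (mine, other):
            open(path, "w").close()
        cases = ("linked", "missing", "copied", "dangling", "crossed")
        for name in cases:
            os.makedirs(os.path.join(root, name))
        os.symlink(mine, os.path.join(root, "linked", ".htaccess"))
        shutil.copy(mine, os.path.join(root, "copied", ".htaccess"))
        os.symlink(os.path.join(root, "gone"),
                   os.path.join(root, "dangling", ".htaccess"))
        os.symlink(other, os.path.join(root, "crossed", ".htaccess"))
        return {n: check_area_link(os.path.join(root, n), mine)
                for n in cases}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:9} {status}")
```

Any result other than `ok` means changes made in GuardDog are not reaching that directory.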

Getting Started - Adding an Area

To start adding areas, click the Add Area tab at the top of the page. When adding an area, you must provide a name for the area and optionally a description of the area. Furthermore, you must provide the location of the area. The location of the area is the path to the directory on the webserver in which the area's web documents are contained.

This path must begin at the /afs/ root directory.

Once you have provided the required information, click on Add Area to add the area to the GuardDog database.

Upon adding the area to the database the area will appear in the Manage Areas section.

Getting Started - Adding a Group

To add a group click on the Add Group tab. When adding a group, you must provide a name for the group and optionally a description of the group. Once you have provided this information, click on Add Group to add the group to the GuardDog database.

The groups you create will allow you to easily organize user access. Groups can contain individual users and other groups, whether they are other groups you created or the automatic groups within GuardDog. You can modify your group and its members on the Manage Groups page.

Getting Started - Managing Your Areas

Once you have added an area to GuardDog, you can begin managing it by going to the Manage Areas tab, which will display a listing of your areas ordered by name.

To configure which users and groups have access to an area, or to edit the properties of any area listed on this page, click on the corresponding Edit link to display a menu of available actions.

Clicking on the Info link will bring up important information about your area:

  • .htaccess file - The physical file to which the symbolic link located in the protected area should point.
  • Area Location - The location of the area to be protected. This path is relative to the /afs/ root directory. In order for your area to be protected, it is extremely important that the information in this field is accurate.
  • Unix Link Command - This is the command that should be executed in an active Telnet or PuTTY session. When entering this command at the console it is not required that your current directory be the directory of the protected area or the directory of GuardDog. However, it is required that you have sufficient privileges to create the symbolic link in the directory of the protected area.

Getting Started - Managing Your Groups

GuardDog features two different types of groups to help you protect your areas. The first kind of group is an automatically generated group, which is designated by the image.

Starting at the college level, automatically generated groups then create groupings by department, roles within the department (faculty, staff, and/or student), departmental courses, curriculum codes, grade level, and more.

The second kind of group is one that you create specifically for your virtual host. These groups can contain any combination of GuardDog users and GuardDog groups (whether automatically generated or made by you).

The Edit link that follows will give you a number of options for configuring your group:

  • Modify group... - Allows you to change the name and description of your group.
  • Remove group... - Allows you to remove the group.
  • Configure which groups are members... - Allows you to choose which groups you would like to be members of your specific group.
  • Configure which users are members... - Allows you to choose which individual users you would like to be members of your specific group.

User Information

Using another WolfTech-created program called LDAPSurfer, once a night GuardDog finds every user in the university and adds them to its database automatically. In addition to adding the users to GuardDog, LDAPSurfer also adds and removes users from automatic groups where necessary, creates automatic groups, and updates the .htaccess files for your areas whenever necessary.

Since this entire process is automated, users cannot be manually added to GuardDog. If there is a user who does not appear in GuardDog, please send an e-mail to the WolfTech Webmaster and the problem will be looked into. If you feel a user is either improperly excluded or included in a group, please contact that department's data manager.





GuardDog Extensions

  • The "Person Class" looks up a person in LDAP then finds their college and departmental associations as a faculty, staff or student member of the university.
  • The "Class List" function returns an array containing the list of students in a given class.

We're happy to share these if you'd like to use them in your own code.