# Clarify instructions for permissions for xymonpasswd xymongroups files --- a/xymond/etcfiles/xymon-apache-secure.DIST +++ b/xymond/etcfiles/xymon-apache-secure.DIST @@ -33,8 +33,19 @@ ScriptAlias @SECUREXYMONCGIURL@ "@SECURE Allow from all # Password file where users with access to these scripts are kept. - # Create it with "htpasswd -c @INSTALLETCDIR@/xymonpasswd USERNAME" - # Add more users / change passwords with "htpasswd @INSTALLETCDIR@/xymonpasswd USERNAME" + # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd + # scripts, files here can be read with the "config" message type, + # which allows status-privileged clients to read arbitrary regular files + # from the directory. + # + # This file should be owned and readable only by the apache server user, + # and ideally merely a symlink to a location outside of $XYMONHOME/etc/ + # + # Create it with: + # htpasswd -c @INSTALLETCDIR@/xymonpasswd USERNAME + # chown apache:apache @INSTALLETCDIR@/xymonpasswd + # chmod 640 @INSTALLETCDIR@/xymonpasswd + # Add more users / change passwords with: "htpasswd @INSTALLETCDIR@/xymonpasswd USERNAME" # # You can also use a group file to restrict admin access to members of a # group, instead of anyone who is logged in. In that case you must setup