
We have administrators from separate business units who need to independently configure different parts of SSH Tectia software. In the older 4.x version we used Tectia Server subconfiguration files for this purpose. How can I split the XML configuration files?

asked Feb 22 '10 at 17:19


SSH KB ♦


You can divide the Server's configuration into several files using XML SYSTEM entity references.

SYSTEM entity declarations are used to define entities referring to separate files. They look like this:

<!ENTITY some-entity SYSTEM "some-file.xml">

Entity declarations are placed within the DOCTYPE element. An XML entity is referred to like this:

&some-entity;

The effect of this is that the contents of some-file.xml are expanded in place of the entity reference.

Example: Server rule block for a user group in separate file

This is only a partial configuration file for clarity. Parts where you presumably have something are marked with dots (...).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE secsh-server SYSTEM
   "/etc/ssh2/ssh-tectia/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
  <!ENTITY configdir PUBLIC "secsh:directory(config-server)" "">
  <!ENTITY group-foo-rules SYSTEM "subconfigs/group-foo-rules.xml">
]>
<secsh-server>
  ...
  <services>
    <group name="foo">
      <selector>
         <user-group name="foo"/> 
      </selector>
    </group>

    ...

    <rule group="foo">
      &group-foo-rules;
    </rule>

    ...
  </services>
</secsh-server>

Then, the file subconfigs/group-foo-rules.xml will be used for defining allowed services for this group:

<terminal action="deny" />
<subsystem type="sftp" application="sft-server-g3" chroot="%homedir%" />
<tunnel-agent action="deny" />
<tunnel-x11 action="deny" />
<tunnel-local action="deny" />
<tunnel-remote action="deny" />

The read/write permissions of this extra file can be set to anything. For example:

$ ls -l subconfigs/group-foo-rules.xml
-rw-rw-r-- 1 root fooadm 223 2008-05-29 10:38 group-foo-rules.xml

Members of the fooadm group can now edit this part of the server configuration.


answered Feb 22 '10 at 17:51


SSH KB ♦
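An added example, not part of the original answer and not SSH's own tooling: a Python audit that lists the SYSTEM entities in the main configuration's DOCTYPE, resolves each file relative to the main configuration, and reports fragments that are world-writable, not well-formed, or contain elements outside what the delegated group is meant to control. The `ALLOWED` set, the file name `server-config.xml` and the `<not-delegated>` element are assumptions constructed for the demo.

```python
import os, re, stat, tempfile
import xml.etree.ElementTree as ET

# Assumption: elements a delegated fragment may contain, taken from the
# group-foo-rules.xml example on this page. Adjust to your own policy.
ALLOWED = {"terminal", "subsystem", "tunnel-agent", "tunnel-x11",
           "tunnel-local", "tunnel-remote"}
ENTITY_RE = re.compile(r'<!ENTITY\s+([\w.-]+)\s+SYSTEM\s+"([^"]+)"\s*>')

def system_entities(config_text):
    """Map entity name -> file for SYSTEM entities in the DOCTYPE internal subset."""
    m = re.search(r'<!DOCTYPE[^\[]*\[(.*?)\]\s*>', config_text, re.S)
    return dict(ENTITY_RE.findall(m.group(1))) if m else {}

def audit_fragment(path):
    """Return a list of findings for one included fragment file."""
    findings = []
    if os.stat(path).st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    with open(path, encoding="utf-8") as f:
        body = f.read()
    try:  # dummy root: declarations or undefined entities in a fragment fail to parse
        root = ET.fromstring("<rule>" + body + "</rule>")
    except ET.ParseError as exc:
        return findings + [f"not well-formed: {exc}"]
    return findings + [f"unexpected element <{c.tag}>" for c in root if c.tag not in ALLOWED]

def audit(main_config):
    """Audit every fragment the main config includes; paths resolve relative to it."""
    base = os.path.dirname(os.path.abspath(main_config))
    with open(main_config, encoding="utf-8") as f:
        entities = system_entities(f.read())
    return {name: audit_fragment(os.path.join(base, rel)) for name, rel in entities.items()}

def demo():
    """Constructed sample: a main config plus a fragment that oversteps its delegation."""
    d = tempfile.mkdtemp()
    os.mkdir(os.path.join(d, "subconfigs"))
    main = os.path.join(d, "server-config.xml")
    frag = os.path.join(d, "subconfigs", "group-foo-rules.xml")
    with open(main, "w") as f:
        f.write('<?xml version="1.0"?>\n<!DOCTYPE secsh-server SYSTEM "x.dtd" [\n'
                '  <!ENTITY configdir PUBLIC "secsh:directory(config-server)" "">\n'
                '  <!ENTITY group-foo-rules SYSTEM "subconfigs/group-foo-rules.xml">\n'
                ']>\n<secsh-server/>\n')
    with open(frag, "w") as f:
        f.write('<terminal action="deny" />\n<not-delegated />\n')
    os.chmod(frag, 0o666)  # constructed: looser than the rw-rw-r-- shown on this page
    return audit(main)
```

Run `audit()` against the real main configuration from a root-owned job, for example before each server reload, so that an edit by a delegated group is reviewed before it takes effect.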


Last updated: Aug 24 '10 at 00:22

All user contributed content licensed under the cc-by-sa license.