Next: , Previous: Overall gnatsd access level, Up: Access Control

C.3 Overall access levels per host

The host access file (by default /usr/local/etc/gnats/gnatsd.host_access) controls overall access levels on a per-host basis, meaning that settings in this file apply across all databases on the server. Entries in this file are in the following format:


host is the hostname or IP address of the host contacting gnatsd. Wildcard characters are supported: * matches anything; ? matches any single character. By using wildcards, you can specify access levels for entire network subnets and domains. Note that when gnats authenticates hosts, it reads the entries in this file in sequence until a match is found. This means that wildcard entries must be placed near the end of the file, otherwise, they will override non-wildcard entries appearing after the wildcard ones.

The second field is the access level of host. The default is deny. If the user's hostname isn't in the file or its access level is set to deny, the connection is closed immediately.

gnats currently doesn't make use of the third field. Remember to still include the second : on the line if you choose to leave the third field empty.

Whenever a CHDB command is processed (or defaulted), the user's access level is set to the level for their host, as determined by the values in the gnatsd.host_access file. However, even if a host is given the none access level, an individual can still give the USER command to possibly gain a higher (but never lower) access than is set for their host. The gnatsd USER command takes two arguments: USER <userid> <passwd>.