* User account @ 2002-03-21 18:00 Andrew 2002-03-24 10:53 ` Hans-Albert Schneider 0 siblings, 1 reply; 5+ messages in thread From: Andrew @ 2002-03-21 18:00 UTC (permalink / raw) To: help-gnats Hi, I am new to gnats but experienced with ClearQuest. Now we are going to use GNATS 4.0. I need your help on these questions: 1, When I install the GNATS into our LINUX server (as GNATS server), I followed the instruction and use the user "gnats", that owns all the gnats related files and database. Should I now create general user accounts for every our user? I want that if a person from our network to login to the GNATS, at the first login, it will automatically create the user account with the passwd by users' choice. Does anyone have the solution to do that? Please give me detailed instructions. 2, The STATES. How can I add or delete the states and build the state-change logic? is there any interface to do that? I noticed that the file "/usr/local/com/gnatsdb/gnats-adm/states" contains all states, but where is the interface to change it, that means how to easily customize the gnats states to my requirement. 3, Where can I find the gnats customization details, e.g. how to customize the gnats web page items? Thank you very much! Andrew 858-362-0101 (o) _______________________________________________ Help-gnats mailing list Help-gnats@gnu.org http://mail.gnu.org/mailman/listinfo/help-gnats ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: User account 2002-03-21 18:00 User account Andrew @ 2002-03-24 10:53 ` Hans-Albert Schneider 2002-03-25 16:54 ` Andrew 0 siblings, 1 reply; 5+ messages in thread From: Hans-Albert Schneider @ 2002-03-24 10:53 UTC (permalink / raw) To: Andrew; +Cc: help-gnats >>>>> "Andrew" == Andrew <andrew.zhuang@wavecom-inc.com> writes: Andrew> Hi, I am new to gnats but experienced with Andrew> ClearQuest. Now we are going to use GNATS 4.0. I need Andrew> your help on these questions: Andrew> 1, When I install the GNATS into our LINUX server (as Andrew> GNATS server), I followed the instruction and use the Andrew> user "gnats", that owns all the gnats related files Andrew> and database. Should I now create general user Andrew> accounts for every our user? No. The GNATS user database (.../gnats-adm/gnatsd.access) has nothing to do with the UNIX user database (/etc/passwd, NIS, LDAP, or whatever). Andrew> I want that if a person from our network to login to Andrew> the GNATS, at the first login, it will automatically Andrew> create the user account with the passwd by users' Andrew> choice. Does anyone have the solution to do that? Andrew> Please give me detailed instructions. I have no solution to this, but I do have some security concerns. You see, "my" GNATS (in the office) lives in a large, world-wide intranet, and I don't know who else is in (and I doubt that there is anyone in the firm who knows exactly), or whether somebody got unauthorized access maybe on the other side of the globe. Andrew> 2, The STATES. How can I add or delete the states Edit file your-database/gnats-adm/states. The first state is the default state for incoming PRs (i.e., a new PR gets this state automatically if it dies not yet bear one), and the last state must be of type closed. See the comments in that file for details; the manual seems to be still at 3.1xx with respect to it. Andrew> and build the state-change logic? I am not sure what you mean. The default dbconfig file logs any change to the state of a PR, forced by on-change { # Add Audit-Trail entries when this field changes. add-audit-trail # Require that a reason be supplied when this field is edited. require-change-reason } It also sets the "Closed-Date" if the new state has type "closed", but the old one didn't (see the subsection starting `on-change "State[type]==\"closed\"" ', just below the above). You can define rules of your own, probably using state-types of your own (I expect they are simply defined by appearing in the states file). Andrew> is there any interface to do that? You mean a program? I am not aware of one. Just use your favorite text editor. Andrew> I noticed that the file Andrew> "/usr/local/com/gnatsdb/gnats-adm/states" contains Andrew> all states, but where is the interface to change it, Andrew> that means how to easily customize the gnats states Andrew> to my requirement. Each database has such a file. Just edit it; there are a lot of comments in it describing the format. GNATS can manage multiple databases; e.g., we used one for each software project, with one category per program or tool in the respective project. (Due to reorganization, we are currently splitting this into two installations.) All configuration is per database (hmm, well, the daemon listens on the same port for all databases :-). Andrew> 3, Where can I find the gnats customization details, In file .../gnats-adm/dbconfig. Andrew> e.g. how to customize the gnats web page items? Gnatsweb is a separate tool and has its own documentation. Create a file gnatsweb-site.pl in the same (CGI-) directory whereh you place gnatsweb; an example is distributed with gnatsweb. BTW, the GNATS docu is available from the GNATS web pages (http://www.gnu.org/software/gnats/); you should have got the manual (at least its texinfo version) as part of the distribution. Hans-Albert -- Hans-Albert Schneider Munich, Germany EMail: Hans-Albert@HA-Schneider.de _______________________________________________ Help-gnats mailing list Help-gnats@gnu.org http://mail.gnu.org/mailman/listinfo/help-gnats ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: User account 2002-03-24 10:53 ` Hans-Albert Schneider @ 2002-03-25 16:54 ` Andrew 2002-03-28 13:42 ` Hans-Albert Schneider 0 siblings, 1 reply; 5+ messages in thread From: Andrew @ 2002-03-25 16:54 UTC (permalink / raw) To: Hans-Albert; +Cc: help-gnats [-- Attachment #1: Type: text/plain, Size: 2027 bytes --] Hans-Albert, Thank you very much for your help and answers! I might not make some of my questions clear. > No. The GNATS user database (.../gnats-adm/gnatsd.access) has > nothing to do with the UNIX user database (/etc/passwd, NIS, > LDAP, or whatever). I certainly do not want all our users/reports share the "gnats" user account. The "gnats" is now as an admin account, it owns everything. How can I easily set user accounts individually in GNATS for them to report PRs? otherwise how can they login to GNATS? > Andrew> and build the state-change logic? > > I am not sure what you mean. The default dbconfig file logs any > change to the state of a PR, forced by Please see my attached doc which show the state logic. How can I build such a logic. In ClearQuest, there is UI interface for CM to build and change state logic. I just want to know if GNATS has a similar interface. For example, if a PR current state is "Working", then if a user edits the state, the states shown in web display page should be either "Working" or "Solved", no other state should be shown for choose. > Each database has such a file. Just edit it; there are a lot of > comments in it describing the format. > > Andrew> 3, Where can I find the gnats customization details, > > In file .../gnats-adm/dbconfig. > > Andrew> e.g. how to customize the gnats web page items? > > Gnatsweb is a separate tool and has its own documentation. > Create a file gnatsweb-site.pl in the same (CGI-) directory > whereh you place gnatsweb; I need to modify gnatsweb display to ensure my "states" are correctly shown in the web page; or when I modified the "state" file, all the changes will be automatically picked up by the webpage display functions so to display my states? My GNATS 4.0 has been installed and is working, but states and the web display is not all what I want, so I got these questions. I hope you who have customized the GNATS before and who involved in designing GHATS give me detailed instructions. Thank you! Andrew [-- Attachment #2: winmail.dat --] [-- Type: application/ms-tnef, Size: 2888 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: User account 2002-03-25 16:54 ` Andrew @ 2002-03-28 13:42 ` Hans-Albert Schneider 0 siblings, 0 replies; 5+ messages in thread From: Hans-Albert Schneider @ 2002-03-28 13:42 UTC (permalink / raw) To: Andrew; +Cc: Hans-Albert, help-gnats Sorry, this has become very long, but it answers Andrew's questions from several mails. >>>>> "Andrew" == Andrew <andrew.zhuang@wavecom-inc.com> writes: Andrew> I certainly do not want all our users/reports share Andrew> the "gnats" user account. The "gnats" is now as an Andrew> admin account, it owns everything. How can I easily Andrew> set user accounts individually in GNATS for them to Andrew> report PRs? otherwise how can they login to GNATS? The UNIX/Linux account "gnats" owns the database(s), some tools are SUID (set-user-id) to it, and (x)inetd starts the gnatsd to run under that account. The GNATS users login to the gnatsd which authenticates them by checking (gnatsd.host_access and) gnatsd.access. You can consider this similar to a database management system--the database runs under a certain userid of the operating system, but for its internal purposes it has a user database of its own. Like the communication with the DBMS (or with a remote sendmail of ftpd), the communication with gnatsd follows some protocol which results in some changes in the PR database (adding a report, changing its state or its responsible, etc.). The users do it via this protocol (of course, usually the clients do it on their behalf), so they do not get a shell or anything else that requires them to have a system account. Similar for PRs arriving via e-mail. Andrew> and build the state-change logic? >> I am not sure what you mean. The default dbconfig file >> logs any change to the state of a PR, forced by Andrew> [...] For example, if a PR current state is Andrew> "Working", then if a user edits the state, the states Andrew> shown in web display page should be either "Working" Andrew> or "Solved", no other state should be shown for Andrew> choose. I see. Sorry, I have no idea how to do this with GNATS. On the other hand, I did not yet play with GNATS 4.0, and it changed a lot compared to 3.111 (which I still use), so there might be some way. (Any suggestions, anyone?) (Hmm, maybe you can use dbconfig to force a value if a wrong one is given. See the "on-change" examples in the default dbconfig. Just an idea.) Andrew> I need to modify gnatsweb display to ensure my Andrew> "states" are correctly shown in the web page; or when Andrew> I modified the "state" file, all the changes will be Andrew> automatically picked up by the webpage display Andrew> functions so to display my states? The idea is that you modify the "states" file, and the clients (gnatsweb, tkgnats, ...) learn it from the server. As gnatsd is started (via inetd, xinetd or similar) anew for each connection (including each invocation of gnatsweb via the web server, I expect), the changes take effect immediately. For the restrictions concerning the state transitions, it should be possible to implement them in gnatsweb; however, there are different clients, and you probably need to make sure no change can be made via tkgnats, emacs.el, e-mail, and maybe others. Not to forget gnatsweb on other servers. Andrew> 1, I now want to eliminate the "Priority" field and Andrew> change the "Categories" to "subsystems" etc. I can Andrew> edit the "dbconfig", but I also need to edit the Andrew> "gnatsweb.pl" I guess. Gnatsweb and other clients should learn these changes from gnatsd (like with the "states" file), so there is no need to modify them. Only edit the display name but keep the builtin-name; e.g. field "subsystems" { builtin-name "category" description "Subsystem concerned" ... } Andrew> Are there any other files involved? Those given in dbconfig ("states", "categories", "responsible", etc.). As they are given in dbconfig, you can of course change their names. You can also change the fields they contain, which of them is the key, etc. From a quick look into the dbconfig grammar, my impression is that two things cannot be changed about these files: "#" character starts a comment, and ":" is the field separator. Concerning fields "Priority" and "Severity", please do not remove them (renaming should be OK). On arrival of a new PR, these two fields are checked and, if they indicate some importance, an "at" job is started that reminds the responsible after some time if the PR is still in its initial state. The length of this time period is specified in the submitters file. See my mail earlier this month. Unfortunately, the check is still hardwired. Removing these fields caused strange effects. Andrew> 2, I found that in my server, there are two Andrew> "gnatsweb.pl" files under "/var/www/cgi-bin" and Andrew> "/usr/local/apache/cgi-bin" respectively. Which one I Andrew> need to change? Easiest case: one of them is a soft link to the other. Then they are actually the same. Otherwise, look into the Apache configuration. Look for a file httpd.conf in /usr/local/apache/etc or /usr/local/apache/conf, or in /etc/httpd. There may be other places, depending on your Linux distribution :-(. In httpd.conf, look for lines reading "ScriptAlias /cgi-bin/ ..." Andrew> Hi Uma, Andrew> I just can not control the access permission. I tried Andrew> several methods, but it seems to me the GNATS just Andrew> ignores the "gnats.access" access-level. at the login Andrew> prompt, anyone can login and edit. Can you help me Andrew> this? Gnatsd does a two-step authentication: First, it checks whether the remote machine (in this case, your WWW server) has permissions higher than "deny" (in GNATS 4, this is configured in gnatsd.host_access; in GNATS 3 the file was gnatsd.conf). When a user logs in, it checks the permissions of the user. The permissions used for access checking are the *higher* of the two--in other words, the permissions given to a user can only *increase* those given to a host, not *decrease* them. So the solution is not to give "edit" access to your web server (nor to your whole domain!), but to use "listdb" or "view" or "viewconf", and increase this to "edit" for the desired users via gnatsd.access. Andrew> [...] I removed the line of *:*:view already. The Andrew> only two lines valid are: (see my last email Andrew> attachment) Andrew> azhuang:andrew:edit: Andrew> *::deny: In gnatsd.access, the first line means that user "azhuang" gets "edit" access, when providing the password "andrew". The second line means that anybody else gets no access. Hmm, to make sure, use *:*:deny The first * matches any username not yet caught, the second one matches any password. I am not sure what your line means. Concerning gnatsd.host_access: Andrew> *.wavecom.com:edit: Everybody connecting from *any* computer in domain wavecom.com gets "edit" access. Andrew> localhost:edit: So does everybody connecting from the machine running gnatsd. You probably have to connect to the gnatsd on "localhost" (127.0.0.1) to see this rule fire. Andrew> #192.168.1.*:edit: Andrew> #*.wavecom-inc.com:edit: Two comment lines; no effect. Andrew> 10.200.210.14:edit: Everybody connecting from this IP address gets "edit" access. Andrew> *:deny: Everybody connecting from a machine not caught above gets rejected. Andrew> azhuang:edit: Users connecting from machine "azhuang" would get "edit" access, if this line were before the "deny" line. Note that this talks about a *computer* called "azhuang", meaning all users connecting from that computer. It does not talk about *user* "azhuang"!! Hope this clarified things a bit. Hans-Albert -- Hans-Albert Schneider Munich, Germany EMail: Hans-Albert@HA-Schneider.de _______________________________________________ Help-gnats mailing list Help-gnats@gnu.org http://mail.gnu.org/mailman/listinfo/help-gnats ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: User account
@ 2002-03-25 6:36 Yngve Svendsen - Sun Norway
0 siblings, 0 replies; 5+ messages in thread
From: Yngve Svendsen - Sun Norway @ 2002-03-25 6:36 UTC (permalink / raw)
To: Hans-Albert, Andrew; +Cc: help-gnats
<Hans-Albert@HA-Schneider.de> wrote:
>Edit file your-database/gnats-adm/states. The first state is the
>default state for incoming PRs (i.e., a new PR gets this state
>automatically if it dies not yet bear one), and the last state
>must be of type closed. See the comments in that file for
>details; the manual seems to be still at 3.1xx with respect to
>it.
Hans-Albert,
Could you please elaborate a bit and submit it as a PR to the GNATS
database so this gets picked up when we do the final revision
of the manual?
Thanks,
Yngve Svendsen
_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2002-03-28 21:42 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2002-03-21 18:00 User account Andrew 2002-03-24 10:53 ` Hans-Albert Schneider 2002-03-25 16:54 ` Andrew 2002-03-28 13:42 ` Hans-Albert Schneider 2002-03-25 6:36 Yngve Svendsen - Sun Norway
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).