Add sample remctl configuration for wallet-report

author: Russ Allbery <rra@stanford.edu> 2010-07-07 10:36:00 -0700
committer: Russ Allbery <rra@stanford.edu> 2010-07-07 10:36:00 -0700
commit: c75eb196a37ce8ca1acd791267cfb36ee30fdcdb (patch)
tree: 85ba7a391279cc1fe3d81b40433dd19ec8a90b86
parent: 11e4af2938f6b1674329d1daa6e8d702b501ccf4 (diff)
2 files changed, 10 insertions, 2 deletions
diff --git a/config/wallet b/config/wallet
index 06dc39d..19b86fa 100644
--- a/config/wallet
+++ b/config/wallet
@@ -1,7 +1,9 @@
 # /etc/remctl/conf.d/wallet -- Run wallet-backend for the wallet system.
 #
-# This is a remctld configuration fragment to run wallet-backend, which
-# implements the server side of the wallet system.
+# This is a remctld configuration fragment to run wallet-backend and
+# wallet-report, which implement the server side of the wallet system.
 
 wallet store /usr/sbin/wallet-backend stdin=4 ANYUSER
 wallet ALL /usr/sbin/wallet-backend ANYUSER
+
+wallet-report /usr/sbin/wallet-report /etc/remctl/acl/wallet-report
diff --git a/config/wallet-report.acl b/config/wallet-report.acl
new file mode 100644
index 0000000..d4c1aa6
--- /dev/null
+++ b/config/wallet-report.acl
@@ -0,0 +1,6 @@
+# /etc/remctl/acl/wallet-report -- ACL for wallet reporting.
+#
+# This is the ACL controlling who can run reports against the wallet
+# database using wallet-report via remctl.  This backend doesn't allow any
+# modification of data or retrieval of stored data, but does allow
+# examination of all of the metadata in the wallet database.
author	Russ Allbery <rra@stanford.edu>	2010-07-07 10:36:00 -0700
committer	Russ Allbery <rra@stanford.edu>	2010-07-07 10:36:00 -0700
commit	c75eb196a37ce8ca1acd791267cfb36ee30fdcdb (patch)
tree	85ba7a391279cc1fe3d81b40433dd19ec8a90b86
parent	11e4af2938f6b1674329d1daa6e8d702b501ccf4 (diff)