I have managed to get this to work (so far).

What I do is use a separate password file and directory for each log.

I haven't tested it with with the current version but it worked fine before
that. My testing consisted of creating a user in the main password file and
see if he could get to anything I didn't want him to. This may not be enough
for something that requires a high level of security. 

When I create a new user I move that line to the appropriate password file if
it isn't already there.

You will get an invalid user message and a prompt if you try access a log that
doesn't have your user name in the password file. 

I only have six people using it so this isn't much trouble.

I would like to see groups implemented to make this more manageable.

> Hi,
> 
> I was wondering if anyone had a solution for my problem.
> We are trying to run several books on one server. The books are grouped 
> such as follows :
> 
> Group Users1 = Book1, Book2, Book3
> Group Users2 = Book4, Book5, Book6
> Group Users3 = Book7, Book8, Book9
> 
> We would like to give access to selected users to only their Group. So that 
> for instance Users1 cannot access the books of group Users3. I was 
> wondering if there is any notion of "User profile" or security per logbook 
> Group implemented?
> 
> What we do for now is that we have 3 different PASSELOG files and for each 
> Book we need to specify which PASSELOG should be used for authentication. 
> This works fine except that we prefer that users do not see the other 
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs 
> in the logbook view. Is there a way to hide these for them (but only for 
> them)?
> 
> Tomas

> No, but I will put it on the wishlist. Anyhow it is hard to implement 
> something like this. Assume that I would lock a page whenever it's edited 
by 
> someone. This person can edit it and forget to submit the changes, just 
close 
> the browser. Since the elogd server does not know when a remote browser 
is 
> closed, it cannot determine if the editing is just taking long or if the 
> person closed the browser. In the latter case, the message would be 
locked 
> forever and nobody could change it any more. If I put a timeout, like 
keep 
> locked for N minutes, it's again not 100% safe. I saw people doing shift 
work 
> with elog, opening a page, keeping it open for 8 hours and then submit 
it. 
So 
> if I set the timeout to 8h, and someone abandons editing a message, this 
> message would be blocked for 8h, which is probably also not what you 
want. 
> 
> Alternatively, I just can display a messge: Warning: this message is 
> currently edited by user xxx on host xxx. But if the warning is ignored 
by 
> the user, then again we have the same problem.
> 
> Do you see a clever solution to that?


I was thinking of having an icon on the page that administrator can click 
to 
unlock a record that has been left locked by someone, perhaps using 
something 
like 

Allow Unlock = admin (or even just have the option on the top like 
(Admin/Config) for administrators

Just like the delete function works, in addition to the Warning message as 
you suggested

> We are using elog as a small database system, today we came across a 
> problem where 2 people were editing the same record and the first one to 
> submit his changes were overwritten when the second person submitted his.
> 
> Is there anyway to lock a logbook record when someone has pressed EDIT, 
> maybe set a flag in the logbook entry so it has to be unlocked when its 
> submitted by the originator or by an administrator.

No, but I will put it on the wishlist. Anyhow it is hard to implement 
something like this. Assume that I would lock a page whenever it's edited 
by 
someone. This person can edit it and forget to submit the changes, just 
close 
the browser. Since the elogd server does not know when a remote browser is 
closed, it cannot determine if the editing is just taking long or if the 
person closed the browser. In the latter case, the message would be locked 
forever and nobody could change it any more. If I put a timeout, like keep 
locked for N minutes, it's again not 100% safe. I saw people doing shift 
work 
with elog, opening a page, keeping it open for 8 hours and then submit it. 
So 
if I set the timeout to 8h, and someone abandons editing a message, this 
message would be blocked for 8h, which is probably also not what you want. 

Alternatively, I just can display a messge: Warning: this message is 
currently edited by user xxx on host xxx. But if the warning is ignored by 
the user, then again we have the same problem.

Do you see a clever solution to that?

We are using elog as a small database system, today we came across a 
problem where 2 people were editing the same record and the first one to 
submit his changes were overwritten when the second person submitted his.

Is there anyway to lock a logbook record when someone has pressed EDIT, 
maybe set a flag in the logbook entry so it has to be unlocked when its 
submitted by the originator or by an administrator.

Many Thanks

> We would like to give access to selected users to only their Group. So that 
> for instance Users1 cannot access the books of group Users3. I was 
> wondering if there is any notion of "User profile" or security per logbook 
> Group implemented?

No, groups of users are not yet implemented, but it's on the wishlist and I 
added your vote for this item.

> What we do for now is that we have 3 different PASSELOG files and for each 
> Book we need to specify which PASSELOG should be used for authentication. 
> This works fine except that we prefer that users do not see the other 
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs 
> in the logbook view. Is there a way to hide these for them (but only for 
> them)?

A (poor man's) work-around right now is to run three instances of elogd on 
three different ports, then use Apache as a proxy. I do this in this server 
for example. Under http://midas.psi.ch/elogdemo you see the public logbooks, 
while under http://midas.psi.ch/megelog you see some logbooks from an 
experiment here at our institute. The access control is completely separated, 
and you don't see the logbook tabs from the other group as well.

Hi,

I was wondering if anyone had a solution for my problem.
We are trying to run several books on one server. The books are grouped 
such as follows :

Group Users1 = Book1, Book2, Book3
Group Users2 = Book4, Book5, Book6
Group Users3 = Book7, Book8, Book9

We would like to give access to selected users to only their Group. So that 
for instance Users1 cannot access the books of group Users3. I was 
wondering if there is any notion of "User profile" or security per logbook 
Group implemented?

What we do for now is that we have 3 different PASSELOG files and for each 
Book we need to specify which PASSELOG should be used for authentication. 
This works fine except that we prefer that users do not see the other 
logbooks listed in the main menu nor the other "inaccessible" logbook tabs 
in the logbook view. Is there a way to hide these for them (but only for 
them)?

Tomas

Today I found out that Apache 1.3.23 (and probably 1.3.24) has a problem 
with ELOG if used as a proxy server. Due to a bug in Apache, only one 
cookie is transmitted through the proxy at a time. This makes it impossible 
to log in into ELOG with user name and password (requires two cookies). 
Apache 1.3.23 comes with RedHat 7.3 for example.

To solve the problem, update Apache to 1.3.27.

See also http://bugs.apache.org/index.cgi/full/9655

> I've been using elog for several months now, and one thing that's always
> seemed odd to me are the things like max number of attachments and max
> attachment size are defined right in the source code, and not in the config
> file.  It would seem that it would be simple to be able to define stuff like
> that in the config file (and have defaults in case they weren't specified),
> which would fix a lot of the recompiling problems - just edit the config 
file
> and restart elog.  Not that recompiling elog is difficult, it just seems 
like
> recompiling for such a simple setting is overkill...
> 
> Anyway, just curious.  Is there a technical reason this is not done?

The max attachment size I was able to not only make configurable, but to make 
dynamically. So if there is a very large attachment, the size is dynamically 
extended as long as there is RAM. The max number of attachments is not easy 
to change, since it's used internally as an array size, which has to be 
determined at compile time. Making this dynamically would require a major 
rework, which of course could be done, but it might be that there are more 
urgent requests.