.. -*- mode: rst -*- .. _server-access-control: ================ Access Control ================ .. versionadded:: 1.4.0 Bcfg2 exposes various functions via XML-RPC calls. Some of these are relatively benign (e.g., the calls necessary to generate a client configuration) while others can be used to inspect potentially private data on the server or very easily mount a denial of service attack. As a result, access control lists to limit exposure of these calls is built in. There are two possible ACL methods: built-in, and the :ref:`server-plugins-misc-acl` plugin. The built-in approach simply applies a restrictive default ACL that lets ``localhost`` perform all XML-RPC calls, and restricts all other machines to only the calls necessary to run the Bcfg2 client. Specifically: * If the remote client is ``127.0.0.1``, the call is allowed. Note that, depending on where your Bcfg2 server listens and how it communicates with itself, it likely will not identify to itself as ``localhost``. * If the remote client is not ``127.0.0.1`` and the call is any of the ``set_debug`` or ``toggle_debug`` methods (including ``[toggle|set]_core_debug``), it is rejected. * If the remote client is not ``127.0.0.1`` and the call is ``get_statistics`` (used by ``bcfg2-admin perf``), it is rejected. * If the remote client is not ``127.0.0.1`` and the call includes a ``.`` -- i.e., it is dispatched to any plugin, such as ``Packages.Refresh`` -- then it is rejected. * Otherwise, the call is allowed. The built-in ACL is *only* intended to ensure that Bcfg2 is secure by default; it will not be sufficient in many (or even most) cases. In these cases, it's recommended that you use the :ref:`server-plugins-misc-acl` plugin.