Old Release

Icon

This documentation covers an old version of Fedora. Looking for another version? See all documentation.

Skip to end of metadata
Go to start of metadata

Question

I would like to prevent changes to my repository for some period of time.  Is there a way to go "read-only" and disable API-M?

Answer

Yes; if you have XACML policy enforcement enabled, you can disable all API-M requests to your repository via policy.  While disabled, all API-M requests will result in an "Authorization Denied" message for the requesting user or application. As with all XACML policy changes, it is not necessary to restart your repository to put the new rules into effect.

Instructions:

  1. Ensure you have XACML policy enforcement enabled. This is the default option with Fedora 3.x, so it is likely already enabled for you. You can verify by opening your $FEDORA_HOME/server/config/fedora.fcfg, and checking the value of the ENFORCE_MODE parameter. The value should be be "enforce-policies". If it is not, you will need to change it, then restart Fedora.
  2. Create a new file at $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/read-only.xml with the following content:
  3. Run $FEDORA_HOME/server/bin/fedora-reload-policies.sh http username password (in Windows, the path to the script is %FEDORA_HOME%\server\bin\fedora-reload-policies.bat)
  4. When you want to re-enable API-M access, simply delete the file and run fedora-reload-policies again.
  • No labels