[Freeipa-devel] [PATCH] don't allow special groups to be removed
Karl MacMillan
kmacmill at redhat.com
Fri Nov 30 19:48:10 UTC 2007
On Fri, 2007-11-30 at 12:53 -0500, Rob Crittenden wrote:
> This patch won't allow the XML-RPC interface to remove the admins or
> editors groups nor the configured group that is the default group for
> new users.
>
Pushed.
> I was originally going to do an ACI for this but thought that returning
> a useful error message was better.
>
We need both - because users can always directly access the DS there is
no security value to checks in the xml-rpc layer. They are useful for
error reporting, consistency, etc., but not for security.
Karl
More information about the Freeipa-devel
mailing list