[Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
Rob Crittenden
rcritten at redhat.com
Wed Jul 20 03:25:14 UTC 2011
JR Aquino wrote:
> On Jul 19, 2011, at 2:05 PM, JR Aquino wrote:
>
>> On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
>>
>>> On Tue, 2011-06-14 at 19:03 +0000, JR Aquino wrote:
>>>> Adjustment to install/share/schema_compat.uldif to correctly assign sudorunasuser for both a user and group object respectively.
>>>>
>>>> The bug had to do with the compat plugin syntax needing to correctly identify the difference behind intent with the 'runas' attributes.
>>>>
>>>> The difference is handling is:
>>>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>>>> vs
>>>> Sudo allowing someone to run a command as their own user but with a different _Group_ or GUID.
>>>>
>>>> This is a very subtle difference that can be frustrating to configure / think about.
>>>>
>>>> I have added a patch to address new standard installs and updates.
>>>>
>>>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>>>
>>> NACK.
>>>
>>> 1) You forgot to update install/updates/Makefile.am so that the update
>>> is really executed. Please check that there won't be a conflict with
>>> your patch 37, they touch the same areas.
>>
>> Fixed
>>
>>>
>>> 2) Syntax of the "replace" statement in .update files has changed since
>>> you submitted your patch. The old and the new value are delimited with
>>> "::" now, IIRC.
>>
>> And Fixed
>
> Final Patch: -Fixed indentation of makefile to use tabs instead of spaces-
This works fine for me, ack.
pushed to master and ipa-2-0
More information about the Freeipa-devel
mailing list