[Freeipa-devel] [WIP] Add command to test HBAC rules
Rob Crittenden
rcritten at redhat.com
Mon Jul 25 14:24:57 UTC 2011
Dmitri Pal wrote:
> How about:
>
> --all means all rules
> --enabled means all enabled rules; it can be used with the specific
> values like this --enabled=A,B,C then it will include only those enabled
> rules
> --disabled means all disabled rules; it can be used with the specific
> values like this --disabled=X,Y,Z then it will include only those
> disabled rules
> Eliminate --rules.
I don't think you can use an option in this way, as both a flag and
something that takes values. So I think --enabled and --disabled would
define the type of rule and --rules would be used to define the set to
examine.
--all and --rules would be mutually exclusive.
rob
More information about the Freeipa-devel
mailing list