[Freeipa-devel] [PATCHES] 0594-0606 Convert default permissions to managed

Petr Viktorin pviktori at redhat.com
Mon Jun 23 12:59:57 UTC 2014


On 06/23/2014 10:07 AM, Martin Kosek wrote:
> On 06/20/2014 11:17 PM, Martin Kosek wrote:
>> On 06/20/2014 05:06 PM, Petr Viktorin wrote:
>>> All these should be independent, except for conflicts in ACI.txt that are
>>> easily solved by running makeaci.
>>
>> Umh, now the fun begins as I see :) There will probably need to be some rebase,
>> it clashed with some other ACI patches in my tree (namely Hosts which I acked).

Rebased on top of my patch 0607, please apply that first.

Added a new patch, 0608, which adds missing write permissions.


>> 594: we miss permissions for Automount Locations. Permissions for keys&maps
>> look ok.

Added in 0608.

>>
>> 595: "System: Modify Group Membership" is probably waiting for the group
>> objectclass fix - the filter is different. Otherwise it looks ok.

Right; rebased.

>> 596-598: HBAC is ok
>>
>> 599: hostgroup is OK
>>
>> 600: there must have been some DS problem on my side as my regular user could
>> not see any netgroup

The problem is a bit closer to home this time.
Fixed in patch 0607.

>> 601: privileges - we miss CRUD ACIs

Added in 0608.

We also miss CRUD permissions on permissions, but since currently these 
need pretty much unlimited access to ACIs, it's better to keep them 
admin-only.

>> 602: roles were ok
>>
>> 603: ok
>>
>> I got this far today, the rest will need to wait for the next week.
>
> 604: ok, I was able to create a service, get a keytab
>
> 605: Should we case the permissions as "Sudo Command" instead of "Sudo command"?

Yes, fixed

> 606: we also miss Modify Sudo Command permission so that people can modify
> description. Otherwise ok.

Added in 0608.


-- 
Petr³

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0594.2-Convert-Automount-default-permissions-to-managed.patch
Type: text/x-patch
Size: 16366 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0595.2-Convert-Group-default-permissions-to-managed.patch
Type: text/x-patch
Size: 11988 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0596.2-Convert-HBAC-Rule-default-permissions-to-managed.patch
Type: text/x-patch
Size: 9525 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0597.2-Convert-HBAC-Service-default-permissions-to-managed.patch
Type: text/x-patch
Size: 6264 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0598.2-Convert-HBAC-Service-Group-default-permissions-to-ma.patch
Type: text/x-patch
Size: 6703 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0599.2-Convert-Hostgroup-default-permissions-to-managed.patch
Type: text/x-patch
Size: 8847 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0600.2-Convert-Netgroup-default-permissions-to-managed.patch
Type: text/x-patch
Size: 9239 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0601.2-Convert-the-Modify-privilege-membership-permission-t.patch
Type: text/x-patch
Size: 4658 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0602.2-Convert-Role-default-permissions-to-managed.patch
Type: text/x-patch
Size: 8689 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0603.2-Convert-SELinux-User-Map-default-permissions-to-mana.patch
Type: text/x-patch
Size: 7888 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0604.2-Convert-Service-default-permissions-to-managed.patch
Type: text/x-patch
Size: 8890 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0605.2-Convert-Sudo-Command-default-permissions-to-managed.patch
Type: text/x-patch
Size: 8615 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0606.2-Convert-Sudo-Command-Group-default-permissions-to-ma.patch
Type: text/x-patch
Size: 6719 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0608.2-Add-several-CRUD-default-permissions.patch
Type: text/x-patch
Size: 10406 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140623/7bf0774b/attachment-0013.bin>

