[Freeipa-devel] [PATCH] 472 Let Host Administrators use host-disable command
Martin Kosek
mkosek at redhat.com
Fri Jun 27 15:12:52 UTC 2014
On 06/27/2014 05:10 PM, Simo Sorce wrote:
> On Fri, 2014-06-27 at 16:16 +0200, Martin Kosek wrote:
>> Host Administrators could not write to service keytab attribute and
>> thus they could not run the host-disable command.
>>
>> https://fedorahosted.org/freeipa/ticket/4284
>>
>
> Any reason why Host Administrators are not members of the service
> Administrators group/permission by default ?
>
> Simo.
>
I assume that the original intent was to allow admins to separate this
privileges. I.e. allow service administrators manage services on hosts but do
not allow them delete or disable the hosts.
This patch fixes the reported request for Foreman integration, if you have a
better one fixing it as well, we can go different way.
Thanks,
Martin
More information about the Freeipa-devel
mailing list