[et-mgmt-tools] cobbler support for users & tags

[Al Tobey]

The attached patch is the first step towards an authorization system
for cobbler.    It only adds tags for systems and user support.   The
tags do nothing yet, but will come into play with later patches.

Michael, you can apply if you want or do the sensible thing and wait
until this does something useful.    I'll try to push my branch to the
public repository later if people want to try that rather than
patches.

The authorization support I have in mind uses these generic tags to
grant users access to systems and profiles.     I think profiles will
have inheritable tags, but will not be editable by non-superuser
users, since this is probably what most people want.    Basically, if
a user has a tag that a system (or its upstream profile(s)) also has,
they have r/w access.   Otherwise, it's a deny-all policy.    Users
can be granted superuser access with the --superuser flag which is
only available on the CLI for now.

It looks like it will be really easy to support authorization in both
the webui and CLI.   The CLI support will come via sudo and its
SUDO_USER environment variable.   That way users can be given access
to run the CLI as root, but only for given systems.   It will be up to
each sysadmin out there to determine whether they want to risk giving
sudo access to cobbler as root and trust cobbler's code.

I'm definitely open to discussion about how the authorization stuff
plays out.   Right now I'm sticking to the KISS principle and trying
to keep things very flexible.

-Al
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-users-and-tags.patch
Type: text/x-patch
Size: 57805 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/et-mgmt-tools/attachments/20071104/a3248fd9/attachment.bin>