[et-mgmt-tools] cobbler aclsetup feature
Michael DeHaan
mdehaan at redhat.com
Fri Jun 6 19:53:41 UTC 2008
So one of the requests I've gotten a lot is how can I run cobbler as
non-root.
It's doable with acls, but you have to know which ones to set.
I've added the "cobbler aclsetup" command to simply this.
Usage:
cobbler aclsetup --adduser=mdehaan
Now mdehaan can run cobbler commands as himself.
Note that the acl permissions granted to mdehaan above are quite large,
so we had better hope we can trust him.
For the curious those ACL's are:
PROCESS_DIRS = {
webdir : "rwx",
"/var/log/cobbler" : "rwx",
"/var/lib/cobbler" : "rwx",
"/etc/cobbler" : "rwx",
tftpboot : "rwx",
"/var/lib/cobbler/triggers" : "rwx"
}
Should we want to remove them:
cobbler aclsetpu --removeuser=mdehaan
This also works for groups.
It's just "--addgroup" or "--removegroup".
If you'd like to play with this, it's on the devel branch in git now.
This seems to work for me, one of the next steps seems to be figuring
out how to best make this work for cobblerd itself.
--Michael
More information about the et-mgmt-tools
mailing list