[Freeipa-devel] [PATCHES] 0510-0511 Add managed read permissions to group & hostgroup
Martin Kosek
mkosek at redhat.com
Wed Apr 9 13:26:45 UTC 2014
On 04/09/2014 03:04 PM, Simo Sorce wrote:
> On Wed, 2014-04-09 at 10:53 +0200, Martin Kosek wrote:
>> On 04/08/2014 02:25 PM, Petr Viktorin wrote:
>>> Hello,
>>> These add read permissions to read user groups and hostgroups.
>>>
>>> For most attributes, anonymous read access is given.
>>> For member, memberOf, memberUID, read access is given only to authenticated users.
>>
>> Didn't we agree that we want to make hostgroups read by authenticated users
>> only? Just like we did with netgroups. CCing Simo to confirm.
>>
>> Besides the default bind type, the ACI looked ok.
>
> I forgot if we decided anything about hostgroups, but they are not
> necessary for an anonymous reader so we may as well not server them in
> that case.
>
> Simo.
>
In that case Petr please consider changing 511 to only allow authenticated
users to read hostgroups.
Thanks,
Martin
More information about the Freeipa-devel
mailing list