[Freeipa-users] Permission not working as expected
Deepak Dimri
deepak_dimri at hotmail.com
Tue Aug 30 02:22:48 UTC 2016
Hi All,
I have created the permission below for my "testhostgroup" with the expectation that this permission will only allow write permission to the members of "testhostgroup", but it then allows me to add/delete other hostgroup members as well. I tried changing the effective attribute to "memberof" instead of "member", but in vain, as with that I started getting a permission denied error even on testhostgroup itself.
*****
ipa permission-add 'testhostgroup-modify' --permission=write --attrs=member --filter='(&(cn=testhostgroup)(objectclass=ipahostgroup ))'
--------------------------------------
Added permission "testhostgroup-modify"
--------------------------------------
Permission name: testhostgroup-modify
Granted rights: write
Effective attributes: member
Bind rule type: permission
Subtree: dc=us-west-2,dc=compute,dc=amazonaws,dc=com
Extra target filter: (&(cn= testhostgroup)(objectclass=ipahostgroup ))
******
How can I restrict permissions to manage only those hosts which are part of a particular hostgroup? Any help you could offer on this would be much appreciated. I could not find much on a similar issue in the forum :(
Thanks,
Deepak