On Sun, 2007-11-04 at 19:19 -0500, et-mgmt-tools-request@xxxxxxxxxx wrote: > Send et-mgmt-tools mailing list submissions to > et-mgmt-tools@xxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/et-mgmt-tools > or, via email, send a message with subject or body 'help' to > et-mgmt-tools-request@xxxxxxxxxx > > You can reach the person managing the list at > et-mgmt-tools-owner@xxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of et-mgmt-tools digest..." > > > Today's Topics: > > 1. cobbler support for users & tags (Al Tobey) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 4 Nov 2007 16:19:19 -0800 > From: "Al Tobey" <tobert@xxxxxxxxx> > Subject: cobbler support for users & tags > To: "Michael DeHaan" <mdehaan@xxxxxxxxxx>, "Fedora/Linux Management > Tools" <et-mgmt-tools@xxxxxxxxxx> > Message-ID: > <5ac7acb10711041619l4028a85fk29fb8a571af3a049@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset="iso-8859-1" > > The attached patch is the first step towards an authorization system > for cobbler. It only adds tags for systems and user support. The > tags do nothing yet, but will come into play with later patches. > > Michael, you can apply if you want or do the sensible thing and wait > until this does something useful. I'll try to push my branch to the > public repository later if people want to try that rather than > patches. > > The authorization support I have in mind uses these generic tags to > grant users access to systems and profiles. I think profiles will > have inheritable tags, but will not be editable by non-superuser > users, since this is probably what most people want. Basically, if > a user has a tag that a system (or its upstream profile(s)) also has, > they have r/w access. Otherwise, it's a deny-all policy. Users > can be granted superuser access with the --superuser flag which is > only available on the CLI for now. > > It looks like it will be really easy to support authorization in both > the webui and CLI. The CLI support will come via sudo and its > SUDO_USER environment variable. That way users can be given access > to run the CLI as root, but only for given systems. It will be up to > each sysadmin out there to determine whether they want to risk giving > sudo access to cobbler as root and trust cobbler's code. ...any tips for persuading others that this is ok? > > I'm definitely open to discussion about how the authorization stuff > plays out. Right now I'm sticking to the KISS principle and trying > to keep things very flexible. > > -Al > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: 0001-Add-users-and-tags.patch > Type: text/x-patch > Size: 57804 bytes > Desc: not available > Url : https://www.redhat.com/archives/et-mgmt-tools/attachments/20071104/a3248fd9/0001-Add-users-and-tags.bin > > ------------------------------ > > _______________________________________________ > et-mgmt-tools mailing list > et-mgmt-tools@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/et-mgmt-tools > > End of et-mgmt-tools Digest, Vol 15, Issue 4 > ******************************************** _______________________________________________ et-mgmt-tools mailing list et-mgmt-tools@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/et-mgmt-tools
