cobbler aclsetup feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So one of the requests I've gotten a lot is how can I run cobbler as non-root.

It's doable with acls, but you have to know which ones to set.
I've added the "cobbler aclsetup" command to simply this.

Usage:

   cobbler aclsetup --adduser=mdehaan

Now mdehaan can run cobbler commands as himself.

Note that the acl permissions granted to mdehaan above are quite large, so we had better hope we can trust him.

For the curious those ACL's are:

       PROCESS_DIRS = {
          webdir                      : "rwx",
          "/var/log/cobbler"          : "rwx",
          "/var/lib/cobbler"          : "rwx",
          "/etc/cobbler"              : "rwx",
          tftpboot                    : "rwx",
          "/var/lib/cobbler/triggers" : "rwx"
       }

Should we want to remove them:

   cobbler aclsetpu --removeuser=mdehaan

This also works for groups.

It's just "--addgroup" or "--removegroup".

If you'd like to play with this, it's on the devel branch in git now.

This seems to work for me, one of the next steps seems to be figuring out how to best make this work for cobblerd itself.

--Michael


_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/et-mgmt-tools

[Index of Archives]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux