Stephan Huiser wrote:
Hi,
I added some extra commands to the Wiki for ACLs on
/var/lib/certmaster and some directories below, needed for doing Func
calls as a non-root user.
The complete list of acl commands is now:
setfacl -d -R -m 'u:MYUSER:rX' /etc/pki/certmaster/
setfacl -R -m 'u:MYUSER:rX' /etc/pki/certmaster/
setfacl -d -R -m 'u:MYUSER:rX' /var/lib/certmaster
setfacl -R -m 'u:MYUSER:rX' /var/lib/certmaster
setfacl -d -R -m 'u:MYUSER:rX' /var/lib/certmaster/certmaster
setfacl -R -m 'u:MYUSER:rX' /var/lib/certmaster/certmaster
setfacl -d -R -m 'u:MYUSER:rX' /var/lib/certmaster/certmaster/certs
setfacl -R -m 'u:MYUSER:rX' /var/lib/certmaster/certmaster/certs
setfacl -d -R -m 'u:MYUSER:rX' /var/lib/certmaster/peers
setfacl -R -m 'u:MYUSER:rX' /var/lib/certmaster/peers
setfacl -d -R -m 'u:MYUSER:rwX' /var/lib/func
setfacl -R -m 'u:MYUSER:rwX' /var/lib/func
setfacl -d -R -m 'u:MYUSER:rwX' /var/log/func/func.log
setfacl -R -m 'u:MYUSER:rwX' /var/log/func/func.log
- Stephan
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
This may be a useful idea -- cobbler has a command to automate acl setup
for various users, i.e.
cobbler aclsetup --adduser foo (also works for removing and also for
groups)
And it will apply the ACLs to all of the right log directories.
Perhaps something we might want to copy over for Func.
/var/log/func/func.log should probably be /var/log/func (the whole
directory) and I'm guessing you also want the certmaster logging
directories.
Code is here if anyone wants to borrow some of it:
http://git.fedoraproject.org/git/cobbler?p=cobbler;a=blob_plain;f=cobbler/action_acl.py;hb=devel
--Michael
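
A sketch of the kind of helper suggested above, as an added example that is not part of the original thread and is not Func's or cobbler's code: it prints or applies the ACLs from the list for one user and can remove them again. The function names, the FUNC_ACL_TARGETS variable and the use of /var/log/func as a whole directory (per the reply) are assumptions.

```shell
#!/bin/sh
# Added example, not Func's or cobbler's code. Paths and permission sets come
# from the thread; function names and FUNC_ACL_TARGETS are hypothetical.

# One "path:perms" pair per line. -R already recurses, so the subdirectories
# of /var/lib/certmaster need no entries of their own. /var/log/func is the
# whole directory, as the reply suggests.
FUNC_ACL_TARGETS='/etc/pki/certmaster:rX
/var/lib/certmaster:rX
/var/lib/func:rwX
/var/log/func:rwX'

# Accept only plain account names, so the argument cannot smuggle extra ACL
# entries (e.g. "foo:rwx,o::rwx") into the -m specification.
func_acl_valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# func_acl RUNNER ACTION USER
#   RUNNER: "echo" prints the commands (dry run); "command" executes them.
#   ACTION: "add" grants the ACLs; "remove" drops the user's entries again.
func_acl() {
    runner=$1; action=$2; user=$3
    func_acl_valid_user "$user" || { echo "invalid user: $user" >&2; return 2; }
    echo "$FUNC_ACL_TARGETS" | while IFS=: read -r path perms; do
        case "$action" in
            add)    set -- -m "u:$user:$perms" ;;
            remove) set -- -x "u:$user" ;;
            *)      echo "unknown action: $action" >&2; exit 2 ;;
        esac
        # Access ACL on everything that exists now.
        "$runner" setfacl -R "$@" "$path" || exit 1
        # Default ACL so new files inherit it; only directories can carry one.
        [ -f "$path" ] || "$runner" setfacl -d -R "$@" "$path" || exit 1
    done
}
```

Review the output of func_acl echo add MYUSER first, then run func_acl command add MYUSER as root to apply it.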