[Freeipa-devel] SUDO UI and CLI discrepancies
Endi Sukma Dewata
edewata at redhat.com
Fri Dec 3 20:35:37 UTC 2010
Hi,
Attached is the UI spec for SUDO. There are some differences with the
current CLI implementation.
1. The UI needs a rule status with values active & inactive. The CLI
doesn't have this attribute. HBAC has ipaenabledflag attribute which
can be managed using hbac-enable/disable operations.
2. The UI needs a user category for the "Who" section. The CLI doesn't
have this attribute. HBAC has usercategory attribute which can be
managed using hbac-add/mod operations.
3. The UI needs a host category for the "Access this host" section. The
CLI doesn't have this attribute. HBAC has hostcategory attribute
which can be managed using hbac-add/mod operations.
4. The UI needs separate allow-command and deny-command categories for
the "Run Command(s)" section. The CLI only has a single cmdcategory.
5. The UI needs separate run-as-user and run-as-group categories for
the "As Whom" section. The UI also needs a way to manage the list of
users/groups for the run-as-user, and the list of groups for the
run-as-group. The CLI doesn't have these attributes or operations.
6. According to ticket #534, the UI needs to support adding external
user, groups, and host. The current CLI doesn't seem to accept
external values.
This blocks https://fedorahosted.org/freeipa/ticket/534. Should I open a
ticket for each of the above issues? Thanks.
--
Endi S. Dewata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IPA_Sudo.pdf
Type: application/pdf
Size: 399581 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101203/dc83aa11/attachment.pdf>
More information about the Freeipa-devel
mailing list