[Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
Martin Kosek
mkosek at redhat.com
Tue Jul 19 14:30:47 UTC 2011
On Tue, 2011-06-14 at 19:03 +0000, JR Aquino wrote:
> Adjustment to install/share/schema_compat.uldif to correctly assign sudorunasuser for both a user and group object respectively.
>
> The bug had to do with the compat plugin syntax needing to correctly identify the difference behind intent with the 'runas' attributes.
>
> The difference is handling is:
> Sudo allowing someone to run a command as a user, or any user in a _group_.
> vs
> Sudo allowing someone to run a command as their own user but with a different _Group_ or GUID.
>
> This is a very subtle difference that can be frustrating to configure / think about.
>
> I have added a patch to address new standard installs and updates.
>
> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
NACK.
1) You forgot to update install/updates/Makefile.am so that the update
is really executed. Please check that there won't be a conflict with
your patch 37, they touch the same areas.
2) Syntax of the "replace" statement in .update files has changed since
you submitted your patch. The old and the new value are delimited with
"::" now, IIRC.
Martin
More information about the Freeipa-devel
mailing list