[Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
JR Aquino
JR.Aquino at citrix.com
Tue Jul 19 21:05:58 UTC 2011
On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
> On Tue, 2011-06-14 at 19:03 +0000, JR Aquino wrote:
>> Adjustment to install/share/schema_compat.uldif to correctly assign sudorunasuser for both a user and group object respectively.
>>
>> The bug had to do with the compat plugin syntax needing to correctly identify the difference behind intent with the 'runas' attributes.
>>
>> The difference is handling is:
>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>> vs
>> Sudo allowing someone to run a command as their own user but with a different _Group_ or GUID.
>>
>> This is a very subtle difference that can be frustrating to configure / think about.
>>
>> I have added a patch to address new standard installs and updates.
>>
>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>
> NACK.
>
> 1) You forgot to update install/updates/Makefile.am so that the update
> is really executed. Please check that there won't be a conflict with
> your patch 37, they touch the same areas.
Fixed
>
> 2) Syntax of the "replace" statement in .update files has changed since
> you submitted your patch. The old and the new value are delimited with
> "::" now, IIRC.
And Fixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
Type: application/octet-stream
Size: 1351 bytes
Desc: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110719/2113160f/attachment.obj>
More information about the Freeipa-devel
mailing list