[Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
JR Aquino
JR.Aquino at citrix.com
Tue Jul 19 22:23:57 UTC 2011
On Jul 19, 2011, at 2:05 PM, JR Aquino wrote:
> On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
>
>> On Tue, 2011-06-14 at 19:03 +0000, JR Aquino wrote:
>>> Adjustment to install/share/schema_compat.uldif to correctly assign sudorunasuser for both a user and group object respectively.
>>>
>>> The bug had to do with the compat plugin syntax needing to correctly identify the difference behind intent with the 'runas' attributes.
>>>
>>> The difference is handling is:
>>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>>> vs
>>> Sudo allowing someone to run a command as their own user but with a different _Group_ or GUID.
>>>
>>> This is a very subtle difference that can be frustrating to configure / think about.
>>>
>>> I have added a patch to address new standard installs and updates.
>>>
>>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>>
>> NACK.
>>
>> 1) You forgot to update install/updates/Makefile.am so that the update
>> is really executed. Please check that there won't be a conflict with
>> your patch 37, they touch the same areas.
>
> Fixed
>
>>
>> 2) Syntax of the "replace" statement in .update files has changed since
>> you submitted your patch. The old and the new value are delimited with
>> "::" now, IIRC.
>
> And Fixed
Final Patch: -Fixed indentation of makefile to use tabs instead of spaces-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
Type: application/octet-stream
Size: 1338 bytes
Desc: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110719/ee0bb309/attachment.obj>
More information about the Freeipa-devel
mailing list