[Freeipa-devel] [PATCH] 0057 Skip the fix_replica_memberof update plugin for non-root users

Simo Sorce simo at redhat.com
Mon Jun 4 15:51:11 UTC 2012


On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote:
> An update plugin needed root privileges, and aborted the update if an 
> ordinary user ran it.
> With this patch the plugin is skipped with a warning in that case.
> 
> https://fedorahosted.org/freeipa/ticket/2621

Hi Petr,
I am not sure I like the proposed solution.

If there is a legitimate reason to run this plugin as non-root (e.g. admin
user) then you should change the connection part to try to use GSSAPI
auth over LDAP when non-root, not just throw a warning.

If there is no reason for anyone but root to run this script then we
should just abort if not root IMO.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



