[Freeipa-devel] [PATCH] 0528 Add managed read permission to automount
Martin Kosek
mkosek at redhat.com
Wed Apr 16 14:50:37 UTC 2014
On 04/16/2014 02:14 PM, Petr Viktorin wrote:
> A single permission granting anonymous read access covers automountlocation,
> automountmap, and automountkey.
>
This works fine, I am just wondering about the ACI:
1) Simo, are you OK with one ACI covering all automount objects? I personally
am, I cannot imagine a situation when somebody allows automount maps but not
the automount keys. But on the other hand, we also have separate permissions
for sudo commands, sudo command groups, sudo rules...
2) Should we limit the ACI by an objectclass filter? I.e.
(|(objectclass=automountmap)(objectclass=automount))?
Martin
More information about the Freeipa-devel
mailing list