[Freeipa-devel] [PATCH 0007][DOC] Tip on restoring admin account

Petr Viktorin pviktori at redhat.com
Mon Mar 3 10:13:30 UTC 2014 

On 03/02/2014 11:26 PM, Gabe Alford wrote:
> Here is an updated patch that merges the notes and adds info about
> preventing removal of the last admin.
>
> Gabe

That looks misleading to me -- by default, the "group administrators" 
privilege actually excludes the right to modify admins. Only admins or 
the Directory Manager can add new admins.

I took a stab at correcting this; does the attached patch look good?

>
>
> On Fri, Feb 28, 2014 at 8:39 AM, Gabe Alford <redhatrises at gmail.com
> <mailto:redhatrises at gmail.com>> wrote:
>
>     That does make more sense to merge them under the same note. I can
>     also include a little blurb about ipa user-del and ipa
>     group-remove-member.
>
>
>     On Fri, Feb 28, 2014 at 5:54 AM, Petr Viktorin <pviktori at redhat.com
>     <mailto:pviktori at redhat.com>> wrote:
>
>         On 02/26/2014 04:01 PM, Gabe Alford wrote:
>
>             Hi all,
>
>             I added a tip in the deleting users section on restoring
>             admin account.
>             Please review.
>
>             https://fedorahosted.org/__freeipa/ticket/2746
>             <https://fedorahosted.org/freeipa/ticket/2746>
>
>
>
>         Hello,
>
>         The new tip is added right under a Note about the same thing (or
>         a very similar thing, from the user's POV). Would it be possible
>         to merge those two into a single Note?
>
>         Nowadays[0], ipa user-del and ipa group-remove-member will
>         refuse to delete the last admin. I think this information should
>         be added to the main docs. (Also, this reduces the importance of
>         the recovery instructions.)
>
>         [0] https://fedorahosted.org/__freeipa/ticket/2564
>         <https://fedorahosted.org/freeipa/ticket/2564>
>
>         --
>         Petrł
>
>
>


-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rga-0007-2+pviktori-Document-steps-to-restore-deleted-admin-account.patch
Type: text/x-patch
Size: 2088 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140303/8225bd9c/attachment.bin>

More information about the Freeipa-devel mailing list