[Freeipa-devel] [PATCH] 0544 Remove the global anonymous read ACI
Martin Kosek
mkosek at redhat.com
Fri May 16 12:00:36 UTC 2014
On 04/29/2014 11:02 PM, Petr Viktorin wrote:
> I didn't test this as much as I'd like to, but it might come in handy when
> testing my earlier patches.
>
> The ACI is removed in the managed permissions plugin because I want to make
> sure it's done after all the managed permission updates, which query it.
It worked in my case (I tested upgrade from 3.3.5). What do we do about other
permissions we will want to remove? I am talking about following ACIs:
- no anonymous access to roles
- no anonymous access to sudo
- no anonymous access to hbac
- no anonymous access to member information
I would like to remove them in 544 as well as otherwise they would bias the
testing.
Martin
More information about the Freeipa-devel
mailing list