[Freeipa-devel] [PATCH] 0544 Remove the global anonymous read ACI
Petr Viktorin
pviktori at redhat.com
Mon May 19 13:27:53 UTC 2014
On 05/16/2014 02:00 PM, Martin Kosek wrote:
> On 04/29/2014 11:02 PM, Petr Viktorin wrote:
>> I didn't test this as much as I'd like to, but it might come in handy when
>> testing my earlier patches.
>>
>> The ACI is removed in the managed permissions plugin because I want to make
>> sure it's done after all the managed permission updates, which query it.
>
> It worked in my case (I tested upgrade from 3.3.5). What do we do about other
> permissions we will want to remove? I am talking about following ACIs:
>
> - no anonymous access to roles
> - no anonymous access to sudo
> - no anonymous access to hbac
> - no anonymous access to member information
>
> I would like to remove them in 544 as well as otherwise they would bias the
> testing.
Right. Here is the updated patch.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0544.2-Remove-the-global-anonymous-read-ACI.patch
Type: text/x-patch
Size: 13334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140519/83c73dae/attachment.bin>
More information about the Freeipa-devel
mailing list