Let's reset...
Sounds good. (and thank you for your
patience).
Let's instead discuss exactly what behavior are you seeing and
full contents of your /current/
config files for users.conf, modules.conf and the Apache config. We can go from there.
I think my other post titled "authz_ownership not working with
authn_passthru + Kerberos"
Probably summarizes what I want to do.
It also contains teh users.conf, modules.conf and Apache config you're
requesting.
On Thu, Aug 13, 2009 at 10:24 AM, Michael DeHaan<mdehaan(a)redhat.com> wrote:
On 08/13/2009 01:10 PM, Paul Company wrote:
Assign ownership of the distro/profile/repo objects to your admin group
only.
Isn't that the default behaviour?
Here's my current config, which I've done nothing to, the owners are
set to admin automatically.
What am I missing?
# cobbler distro dumpvars --name=5Server-x86_64 | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
# cobbler profile dumpvars --name=5Server-x86_64-profile | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
# cobbler system dumpvars --name=5Server-x86_64-system | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
I don't see anything wrong with that. Good.
Let other people create systems and the ownership of those system records
will go to them.
This is where I'm getting confused.
Can you show me what my modules.conf, users.conf and cobbler.conf
files should look like to implement the following. I'm totally
misunderstanding what you're trying to get me to do.
Let's reset... you keep pasting what you are trying to do. I've read
that. Let's instead discuss exactly what behavior are you seeing and full
contents of your /current/ config files for users.conf, modules.conf and the
Apache config. We can go from there.
Also, if you can, trry to explain without using the phrase "it doesn't
work", but instead saying exactly what you are seeing and what you expect to
see in what case...
Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
allow
list on distros, profiles, repos, kickstarts
list/copy/modify/new/remove/save on systems
deny
everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts
On Thu, Aug 13, 2009 at 9:36 AM, Michael DeHaan<mdehaan(a)redhat.com> wrote:
On 08/13/2009 12:33 PM, Paul Company wrote:
You can't prevent new systems, but ...
I don't understand this statement.
You cannot currently prevent authenticated users from creating new system
records.
I want everyone who passes the authentication phase to edit systems.
This is the way it presently works.
I just want to lock everyone, but admins, out of distros, profiles, and
repos.
Yes, this is easy, just assign admin ownership to them and do not list other
users in the ownership fields
for those things.
I still don't know if that's possible.
It is.
I feel like I'm communicating clearly what I want to do.
Here is what I want to do:
Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
allow
list on distros, profiles, repos, kickstarts
list/copy/modify/new/remove/save) on systems
deny
everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts
Can this be done?
Yes or No
Yes.
If yes, how do you do it?
Assign ownership of the distro/profile/repo objects to your admin group
only.
Let other people create systems and the ownership of those system records
will go to them.
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler