Assign ownership of the distro/profile/repo objects to your admin group only.
Isn't that the default behaviour?
Here's my current config, which I've done nothing to, the owners are
set to admin automatically.
What am I missing?
# cobbler distro dumpvars --name=5Server-x86_64 | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
# cobbler profile dumpvars --name=5Server-x86_64-profile | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
# cobbler system dumpvars --name=5Server-x86_64-system | grep owners
'default_ownership': ['admin'],
'owners': ['admin'],
Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
allow
list on distros, profiles, repos, kickstarts
list/copy/modify/new/remove/save on systems
deny
everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts
On Thu, Aug 13, 2009 at 9:36 AM, Michael DeHaan<mdehaan@redhat.com> wrote:
On 08/13/2009 12:33 PM, Paul Company wrote:
You can't prevent new systems, but ...
I don't understand this statement.
You cannot currently prevent authenticated users from creating new system
records.
I want everyone who passes the authentication phase to edit systems.
This is the way it presently works.
I just want to lock everyone, but admins, out of distros, profiles, and
repos.
Yes, this is easy, just assign admin ownership to them and do not list other
users in the ownership fields
for those things.
I still don't know if that's possible.
It is.
I feel like I'm communicating clearly what I want to do.
Here is what I want to do:
Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
allow
list on distros, profiles, repos, kickstarts
list/copy/modify/new/remove/save) on systems
deny
everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts
Can this be done?
Yes or No
Yes.
If yes, how do you do it?
Assign ownership of the distro/profile/repo objects to your admin group
only.
Let other people create systems and the ownership of those system records
will go to them.
_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler
_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler