On 08/13/2009 01:10 PM, Paul Company wrote: 
Assign ownership of the distro/profile/repo objects to your admin group only.
    

Isn't that the default behaviour?

Here's my current config, which I've done nothing to, the owners are
set to admin automatically.
What am I  missing?

# cobbler distro dumpvars --name=5Server-x86_64 | grep owners
 'default_ownership': ['admin'],
 'owners': ['admin'],

# cobbler profile dumpvars --name=5Server-x86_64-profile | grep owners
 'default_ownership': ['admin'],
 'owners': ['admin'],

# cobbler system dumpvars --name=5Server-x86_64-system | grep owners
 'default_ownership': ['admin'],
 'owners': ['admin'],

I don't see anything wrong with that.   Good.




  

    
Let other people create systems and the ownership of those system records will go to them.
    

  

  

This is where I'm getting confused.

Can you show me what my modules.conf, users.conf and cobbler.conf
files should look like to implement the following. I'm totally
misunderstanding what you're trying to get me to do.
  





Let's reset... you keep pasting what you are trying to do.    I've read
that.  Let's instead discuss exactly what behavior are you seeing and
full contents of your /current/ config files for users.conf,
modules.conf and the Apache config.  We can go from there.



Also, if you can, trry to explain without using the phrase "it doesn't
work", but instead saying exactly what you are seeing and what you
expect to see in what case...  







  
Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
    allow
      list on distros, profiles, repos, kickstarts
      list/copy/modify/new/remove/save on systems
    deny
      everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts






On Thu, Aug 13, 2009 at 9:36 AM, Michael DeHaan<mdehaan@redhat.com> wrote:
  

  

    
On 08/13/2009 12:33 PM, Paul Company wrote:

You can't prevent new systems, but ...


I don't understand this statement.


You cannot currently prevent authenticated users from creating new system
records.

I want everyone who passes the authentication phase to edit systems.


This is the way it presently works.

I just want to lock everyone, but admins, out of distros, profiles, and
repos.


Yes, this is easy, just assign admin ownership to them and do not list other
users in the ownership fields
for those things.

I still don't know if that's possible.


It is.

I feel like I'm communicating clearly what I want to do.
Here is what I want to do:

Allow users listed in user.conf [admins] section to do everything, but
for everyone else:
    allow
      list on distros, profiles, repos, kickstarts
      list/copy/modify/new/remove/save) on systems
    deny
      everything else (copy/modify/new/remove/save) on distros,
profiles, repos, kickstarts

Can this be done?
Yes or No


Yes.


If yes, how do you do it?


Assign ownership of the distro/profile/repo objects to your admin group
only.
Let other people create systems and the ownership of those system records
will go to them.



_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler


    

  

  
_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler