Hi List,
I'd like to set up a read-only service user to back up my DNS zone data into a text file daily. However, I checked outputs from "ipa permission-find" and all of the attributes for user setting, none including permission to DNS records. Did I miss something here?
Thanks!
Kathy.
`ipa permission-find --bindtype=all | grep "Permission name"`

Kathy Zhu via FreeIPA-users wrote:
> Hi List,
> I'd like to set up a read-only service user to back up my DNS zone data into a text file daily. However, I checked outputs from "ipa permission-find" and all of the attributes for user setting, none including permission to DNS records. Did I miss something here?
> Thanks!
> Kathy.
> `ipa permission-find --bindtype=all | grep "Permission name"`

Version sometimes makes a difference but I'll assume you're on 4.6+
The permission you want is "System: Read DNS Entries".
bindtype=all has a specific meaning, all authenticated users. It doesn't match this permission because it grants access to a specific group (itself).
rob
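
One way to wire up the permission Rob names, as an added example that is not part of the thread: in FreeIPA a permission is attached to a privilege, the privilege to a role, and the role to the user. The account, privilege, role and directory names are assumptions, and the daily run assumes the service user already holds a Kerberos ticket.

```shell
#!/bin/sh
# Added example, not from the thread. All names below are assumptions.
set -eu
SVC_USER="${SVC_USER:-dnsbackup}"       # hypothetical service account, must exist
PRIVILEGE="${PRIVILEGE:-DNS Readers}"   # hypothetical privilege name
ROLE="${ROLE:-DNS Backup}"              # hypothetical role name
OUT_DIR="${OUT_DIR:-/var/backups/ipa-dns}"

# Run once as an IPA admin: permission -> privilege -> role -> user.
grant_dns_read() {
    ipa privilege-add "$PRIVILEGE" --desc="Read-only access to DNS entries"
    ipa privilege-add-permission "$PRIVILEGE" \
        --permissions="System: Read DNS Entries"
    ipa role-add "$ROLE" --desc="Read-only DNS zone backup"
    ipa role-add-privilege "$ROLE" --privileges="$PRIVILEGE"
    ipa role-add-member "$ROLE" --users="$SVC_USER"
}

# Print one zone name per line, taken from the "Zone name:" output lines.
list_zones() {
    ipa dnszone-find --pkey-only --sizelimit=0 | sed -n 's/^ *Zone name: *//p'
}

# Run daily as the service user: one text file per zone.
backup_zones() {
    umask 077                            # zone data is readable by owner only
    mkdir -p "$OUT_DIR"
    stamp=$(date +%Y%m%d)
    list_zones | while read -r zone; do
        # Classless reverse zones contain "/", which cannot be in a file name.
        safe=$(printf '%s' "${zone%.}" | tr '/' '_')
        file="$OUT_DIR/$safe-$stamp.txt"
        # Write to a temp name first so a failed dump never replaces a good one.
        ipa dnsrecord-find "$zone" --sizelimit=0 --all < /dev/null > "$file.tmp"
        mv "$file.tmp" "$file"
    done
}

case "${1:-}" in
    grant)  grant_dns_read ;;
    backup) backup_zones ;;
esac
```

Run it with `grant` once under an admin ticket, then schedule it with `backup` under the service user's ticket.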
Thank you, Rob!
Yes, we are on 4.6.8-5. I will add "System: Read DNS Entries" permission to the service user.
Kathy.

On Tue, Nov 16, 2021 at 12:30 PM Rob Crittenden <rcritten@redhat.com> wrote:
> Kathy Zhu via FreeIPA-users wrote:
>> Hi List,
>> I'd like to set up a read-only service user to back up my DNS zone data into a text file daily. However, I checked outputs from "ipa permission-find" and all of the attributes for user setting, none including permission to DNS records. Did I miss something here?
>> Thanks!
>> Kathy.
>> `ipa permission-find --bindtype=all | grep "Permission name"`
>
> Version sometimes makes a difference but I'll assume you're on 4.6+
> The permission you want is "System: Read DNS Entries".
> bindtype=all has a specific meaning, all authenticated users. It doesn't match this permission because it grants access to a specific group (itself).
> rob