When I started writing 1.11.2 release notes, I realized that we did not amend documentation when we removed the ability to create public krb5 directories.
On (29/10/13 17:27), Jakub Hrozek wrote:
From aaacd6ed5f46df6a23d54553c1ce48a5c61e2626 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhrozek@redhat.com Date: Tue, 29 Oct 2013 17:26:39 +0100 Subject: [PATCH] MAN: Document that krb5 directories can only be created as private
src/man/sssd-krb5.5.xml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index e8d693aa8ad6ff11c88ee0e9d5d7445c610baad9..cda99abb5878c963ce5791467defd463c7781226 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -137,16 +137,9 @@ <para> Directory to store credential caches. All the substitution sequences of krb5_ccname_template can
be used here, too, except %d and %P. If thedirectory does not exist, it will be created. If %u,%U, %p or %h are used, a private directory belongingto the user is created. Otherwise, a public directorywith restricted deletion flag (aka sticky bit, asdescribed in<citerefentry><refentrytitle>chmod</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details) is created.
be used here, too, except %d and %P.The directory is created as private, owned by theuser, with permissions set to 0700.
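Review bot: The added sentence "The directory is created as private, owned by the user, with permissions set to 0700." drops the removed condition "If the directory does not exist, it will be created", so the page no longer says that creation applies only to a missing directory, and it says nothing about an existing directory whose owner or mode differs. Suggest keeping the condition, for example "If the directory does not exist, it is created as private, owned by the user, with permissions set to 0700." Since the removed text promised a public sticky-bit directory whenever none of %u, %U, %p or %h was used, it would also help to state here that public directories can no longer be created, so administrators relying on the old wording know the behaviour changed.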
Stephen suggested the following sentence on IRC.
The directory is created as private and owned by the user, with permissions set to 0700 (unusable by any other user).
LS
On 10/29/2013 12:57 PM, Lukas Slebodnik wrote:
On (29/10/13 17:27), Jakub Hrozek wrote:
From aaacd6ed5f46df6a23d54553c1ce48a5c61e2626 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek jhrozek@redhat.com Date: Tue, 29 Oct 2013 17:26:39 +0100 Subject: [PATCH] MAN: Document that krb5 directories can only be created as private
--- src/man/sssd-krb5.5.xml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index e8d693aa8ad6ff11c88ee0e9d5d7445c610baad9..cda99abb5878c963ce5791467defd463c7781226 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -137,16 +137,9 @@ <para> Directory to store credential caches. All the substitution sequences of krb5_ccname_template can - be used here, too, except %d and %P. If the - directory does not exist, it will be created. If %u, - %U, %p or %h are used, a private directory belonging - to the user is created. Otherwise, a public directory - with restricted deletion flag (aka sticky bit, as - described in - <citerefentry> - <refentrytitle>chmod</refentrytitle> - <manvolnum>1</manvolnum> - </citerefentry> for details) is created. + be used here, too, except %d and %P. + The directory is created as private, owned by the + user, with permissions set to 0700.
Sorry, on a second reading, just drop "(unusable by any other user)". It's redundant.
On Tue, Oct 29, 2013 at 01:03:33PM -0400, Stephen Gallagher wrote:
Thanks for the review, a new patch is attached.
On 10/29/2013 01:05 PM, Jakub Hrozek wrote:
Ack
On Tue, Oct 29, 2013 at 01:06:30PM -0400, Stephen Gallagher wrote:
Pushed to master and sssd-1-11
sssd-devel@lists.fedorahosted.org