Hi!
I use
[authentication]
module = authn_configfile
[authorization]
module = authz_ownership
to distinguish between an admin group and an additional group. With this, the
additional group can only edit distros and profiles belonging to them.
So far so good. Now I want the other group to be able to edit files in
"Kickstart Templates". But there I only get
NOTE: You do not have permission ...
In /var/log/cobbler.log
INFO | Exception occured: <type 'exceptions.AttributeError'>
INFO | Exception value: 'str' object has no attribute 'owners'
INFO | Exception Info:
File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1709, in
check_access_no_fail
self.check_access(token,resource,arg1,arg2)
File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1721, in
check_access
rc = self.api.authorize(user,resource,arg1,arg2)
File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 931, in
authorize
rc = self.authz.authorize(self,user,resource,arg1,arg2)
File "/usr/lib/python2.6/site-packages/cobbler/modules/authz_ownership.py",
line 200, in authorize
if obj is None or obj.owners is None or obj.owners == []:
INFO | REMOTE is_kickstart_in_use; user(xyz)
DEBUG | get_items; ['profile']
DEBUG | done with get_items; ['profile']
INFO | REMOTE read_kickstart_template; user(xyz);
name(/var/lib/cobbler/kickstarts/abc-server.ks)
DEBUG | authorize; ['xyz', 'read_kickstart_template',
'/var/lib/cobbler/kickstarts/abc-server.ks', True, 1]
DEBUG | REMOTE grundk authorization result: 1; user(?)
INFO | REMOTE version; user(xyz)
As an admin user I can edit the kickstart templates without any problems.
Interesting is, that the other group can create new files but not access them
after creating.
What do I need to do make this work?
I use cobbler-2.3.1-1.el6.noarch
Thanks in advance
mad
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
