Adjustment to install/share/schema_compat.uldif to correctly assign 
sudorunasuser for both a user and group object respectively.

The bug had to do with the compat plugin syntax needing to correctly identify 
the difference behind intent with the 'runas' attributes.

The difference is handling is:
Sudo allowing someone to run a command as a user, or any user in a _group_.
vs
Sudo allowing someone to run a command as their own user but with a different 
_Group_ or GUID.

This is a very subtle difference that can be frustrating to configure / think 
about.

I have added a patch to address new standard installs and updates.

(This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)

Attachment: binkXtDn1WRLj.bin
Description: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to