On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote:
> An update plugin needed root privileges, and aborted the update if an 
> ordinary user user ran it.
> With this patch the plugin is skipped with a warning in that case.
> https://fedorahosted.org/freeipa/ticket/2621

Hi Petr,
I am not sure I like the proposed solution.

If there is a legitimate reason to run this plugin as non-root (eg admin
user) then you should change the connection part to try to use GSSAPI
auth over ldap when non-root, not just throw a warning.

If there is no reason for anyone but root to run this script then we
should just abort if not root IMO.


Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to