On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote: > On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote: > > An update plugin needed root privileges, and aborted the update if an > > ordinary user user ran it. > > With this patch the plugin is skipped with a warning in that case. > > > > https://fedorahosted.org/freeipa/ticket/2621 > > Hi Petr, > I am not sure I like the proposed solution. > > If there is a legitimate reason to run this plugin as non-root (eg admin > user) then you should change the connection part to try to use GSSAPI > auth over ldap when non-root, not just throw a warning. > > If there is no reason for anyone but root to run this script then we > should just abort if not root IMO. > > Simo. >
I would keep this script runable for root users only. Regularly, this should not be run manually but as a part of RPM update which is done by root. It is being run manually only when something is broken anyway and I am not convinced that non-root users should be involved in such recovery. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel