Petr Viktorin wrote:
On 06/05/2012 10:06 AM, Martin Kosek wrote:
On Mon, 2012-06-04 at 11:51 -0400, Simo Sorce wrote:
On Mon, 2012-06-04 at 17:22 +0200, Petr Viktorin wrote:
An update plugin needed root privileges, and aborted the update if an
ordinary user user ran it.
With this patch the plugin is skipped with a warning in that case.

Hi Petr,
I am not sure I like the proposed solution.

If there is a legitimate reason to run this plugin as non-root (eg admin
user) then you should change the connection part to try to use GSSAPI
auth over ldap when non-root, not just throw a warning.

If there is no reason for anyone but root to run this script then we
should just abort if not root IMO.


I would keep this script runable for root users only. Regularly, this
should not be run manually but as a part of RPM update which is done by
root. It is being run manually only when something is broken anyway and
I am not convinced that non-root users should be involved in such


Thanks for the advice. The attached patch only allows root to run

NACK. It is very handy for developers to be able to run ipa-ldap-updater to test update files.


Freeipa-devel mailing list

Reply via email to