Re: [Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
JR Aquino wrote:
> On Jul 19, 2011, at 2:05 PM, JR Aquino wrote:
>
>> On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
>>
>>> On Tue, 2011-06-14 at 19:03 +, JR Aquino wrote:
>>>> Adjustment to install/share/schema_compat.uldif to correctly assign
>>>> sudorunasuser for both a user and group object respectively.
>>>>
>>>> The bug had to do with the compat plugin syntax needing to correctly
>>>> identify the difference behind intent with the 'runas' attributes.
>>>>
>>>> The difference is handling is:
>>>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>>>> vs
>>>> Sudo allowing someone to run a command as their own user but with a
>>>> different _Group_ or GUID.
>>>>
>>>> This is a very subtle difference that can be frustrating to configure /
>>>> think about.
>>>>
>>>> I have added a patch to address new standard installs and updates.
>>>>
>>>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>>>
>>> NACK.
>>>
>>> 1) You forgot to update install/updates/Makefile.am so that the update
>>> is really executed. Please check that there won't be a conflict with
>>> your patch 37, they touch the same areas.
>>
>> Fixed
>>
>>>
>>> 2) Syntax of the "replace" statement in .update files has changed since
>>> you submitted your patch. The old and the new value are delimited with
>>> "::" now, IIRC.
>>
>> And Fixed
>
> Final Patch:
> -Fixed indentation of makefile to use tabs instead of spaces-

This works fine for me, ack.

pushed to master and ipa-2-0

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
On Jul 19, 2011, at 2:05 PM, JR Aquino wrote:

> On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:
>
>> On Tue, 2011-06-14 at 19:03 +, JR Aquino wrote:
>>> Adjustment to install/share/schema_compat.uldif to correctly assign
>>> sudorunasuser for both a user and group object respectively.
>>>
>>> The bug had to do with the compat plugin syntax needing to correctly
>>> identify the difference behind intent with the 'runas' attributes.
>>>
>>> The difference is handling is:
>>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>>> vs
>>> Sudo allowing someone to run a command as their own user but with a
>>> different _Group_ or GUID.
>>>
>>> This is a very subtle difference that can be frustrating to configure /
>>> think about.
>>>
>>> I have added a patch to address new standard installs and updates.
>>>
>>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>>
>> NACK.
>>
>> 1) You forgot to update install/updates/Makefile.am so that the update
>> is really executed. Please check that there won't be a conflict with
>> your patch 37, they touch the same areas.
>
> Fixed
>
>>
>> 2) Syntax of the "replace" statement in .update files has changed since
>> you submitted your patch. The old and the new value are delimited with
>> "::" now, IIRC.
>
> And Fixed

Final Patch:
-Fixed indentation of makefile to use tabs instead of spaces-

Attachment: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
Re: [Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
On Jul 19, 2011, at 7:30 AM, Martin Kosek wrote:

> On Tue, 2011-06-14 at 19:03 +, JR Aquino wrote:
>> Adjustment to install/share/schema_compat.uldif to correctly assign
>> sudorunasuser for both a user and group object respectively.
>>
>> The bug had to do with the compat plugin syntax needing to correctly
>> identify the difference behind intent with the 'runas' attributes.
>>
>> The difference is handling is:
>> Sudo allowing someone to run a command as a user, or any user in a _group_.
>> vs
>> Sudo allowing someone to run a command as their own user but with a
>> different _Group_ or GUID.
>>
>> This is a very subtle difference that can be frustrating to configure /
>> think about.
>>
>> I have added a patch to address new standard installs and updates.
>>
>> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)
>
> NACK.
>
> 1) You forgot to update install/updates/Makefile.am so that the update
> is really executed. Please check that there won't be a conflict with
> your patch 37, they touch the same areas.

Fixed

>
> 2) Syntax of the "replace" statement in .update files has changed since
> you submitted your patch. The old and the new value are delimited with
> "::" now, IIRC.

And Fixed

Attachment: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
Re: [Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
On Tue, 2011-06-14 at 19:03 +, JR Aquino wrote:
> Adjustment to install/share/schema_compat.uldif to correctly assign
> sudorunasuser for both a user and group object respectively.
>
> The bug had to do with the compat plugin syntax needing to correctly identify
> the difference behind intent with the 'runas' attributes.
>
> The difference is handling is:
> Sudo allowing someone to run a command as a user, or any user in a _group_.
> vs
> Sudo allowing someone to run a command as their own user but with a different
> _Group_ or GUID.
>
> This is a very subtle difference that can be frustrating to configure / think
> about.
>
> I have added a patch to address new standard installs and updates.
>
> (This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)

NACK.

1) You forgot to update install/updates/Makefile.am so that the update
is really executed. Please check that there won't be a conflict with
your patch 37, they touch the same areas.

2) Syntax of the "replace" statement in .update files has changed since
you submitted your patch. The old and the new value are delimited with
"::" now, IIRC.

Martin
[Freeipa-devel] [PATCH] 31 Correct behavior for sudorunasgroup vs sudorunasuser
Adjustment to install/share/schema_compat.uldif to correctly assign
sudorunasuser for both a user and group object respectively.

The bug had to do with the compat plugin syntax needing to correctly identify
the difference behind intent with the 'runas' attributes.

The difference in handling is:
Sudo allowing someone to run a command as a user, or any user in a _group_.
vs
Sudo allowing someone to run a command as their own user but with a different
_Group_ or GUID.

This is a very subtle difference that can be frustrating to configure / think
about.

I have added a patch to address new standard installs and updates.

(This Fix is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=713209)

Attachment: freeipa-jraquino-0031-Correct-behavior-for-sudorunasgroup-vs-sudorunasuser.patch
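
The distinction described in the original post, as an added example that is not part of the thread and is not FreeIPA or sudo code: a simplified model of how the two kinds of RunAs reference render into the sudoers LDAP attributes `sudoRunAsUser` (a user name, or `%group` for any member of a group) and `sudoRunAsGroup`, and what each permits. The function names and the sample group data are assumptions made for the illustration, and the model does not cover sudo's default target user.

```python
# Added illustration: a simplified model, not FreeIPA or sudo source code.
# All function names and the sample rule data are constructed for this example.

def compat_runas(run_as, run_as_group):
    """Render RunAs references as sudoers-LDAP attribute values.

    run_as: (kind, name) pairs, kind is "user" or "group"; the identities
        the command may run as.
    run_as_group: group names the command may run with (sudo -g).
    """
    users = []
    for kind, name in run_as:
        if kind == "user":
            users.append(name)
        elif kind == "group":
            users.append("%" + name)  # '%' means any member of this group
        else:
            raise ValueError(f"unknown RunAs kind: {kind!r}")
    return {"sudoRunAsUser": users, "sudoRunAsGroup": list(run_as_group)}


def permitted(attrs, members, target_user=None, target_group=None):
    """Would the rule accept `sudo -u target_user -g target_group`?"""
    if target_user is not None:
        user_ok = any(
            v == "ALL" or v == target_user
            or (v.startswith("%") and target_user in members.get(v[1:], ()))
            for v in attrs["sudoRunAsUser"]
        )
    else:
        # -g alone keeps the invoking user's identity; no user match needed.
        user_ok = target_group is not None
    group_ok = target_group is None or target_group in attrs["sudoRunAsGroup"]
    return user_ok and group_ok


MEMBERS = {"dba": {"oracle", "postgres"}}  # constructed group membership

# "Run as any user in group dba" versus "run as yourself with group dba".
as_member = compat_runas([("group", "dba")], [])
with_group = compat_runas([], ["dba"])
```

Rendering a group reference into the wrong attribute turns one grant into the other: `as_member` accepts `-u oracle` but not `-g dba`, while `with_group` accepts `-g dba` but not `-u oracle`.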