[Freeipa-devel] [PATCH] 113 Add missing attribute labels for sudorule

2011-08-17 Thread Martin Kosek
I had doubts how to name ipasudorunasgroup_group attribute, this is the
result. Btw what is the difference between attributes
ipasudorunasgroup_group and ipasudorunas_group?

Martin
From 1f1b31d6f41ef8539b89c4382a83cd7f7d0a8e30 Mon Sep 17 00:00:00 2001
From: Martin Kosek mko...@redhat.com
Date: Wed, 17 Aug 2011 10:12:46 +0200
Subject: [PATCH] Add missing attribute labels for sudorule

https://fedorahosted.org/freeipa/ticket/1571
---
 ipalib/plugins/sudorule.py |8 
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 0c9a8c7e9aafdcf43b33a5341746e615d41990bc..17859472c5a38c36e9a3567cee0618ae64e290c8 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -179,6 +179,14 @@ class sudorule(LDAPObject):
 label=_('RunAs External Group'),
 doc=_('External Group the commands can run as (sudorule-find only)'),
 ),
+Str('ipasudoopt?',
+label=_('Sudo Option'),
+flags=['no_create', 'no_update', 'no_search'],
+),
+Str('ipasudorunasgroup_group?',
+label=_('RunAsGroup Group'),
+flags=['no_create', 'no_update', 'no_search'],
+),
 )
 
 api.register(sudorule)
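Review bot: The two added parameters, 'ipasudoopt?' and 'ipasudorunasgroup_group?', carry a label but no doc=, while the parameter directly above them in the context lines has both. The label 'RunAsGroup Group' alone does not tell a reader how this attribute differs from a RunAs group, which is the question raised in the cover text. Suggest a one-line doc= on each, saying what the attribute holds and, if the flags=['no_create', 'no_update', 'no_search'] setting means the value is only ever displayed, saying so as the neighbouring doc does with "(sudorule-find only)".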
-- 
1.7.6

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 113 Add missing attribute labels for sudorule

2011-08-17 Thread Rob Crittenden

Martin Kosek wrote:
> I had doubts how to name ipasudorunasgroup_group attribute, this is the
> result. Btw what is the difference between attributes
> ipasudorunasgroup_group and ipasudorunas_group?

ACK

This confused me as well so I double-checked with JR.

ipasudorunasgroup sets the gid to group when executing the command.

ipasudorunas group sets a group of allowed users to run a command as. 
JR's example was: sudo -u rcrit /bin/less


If rcrit is in either the ipasudorunas user or group then you can run 
the command as me.


I opened ticket 1657 to improve the documentation. I think connecting it 
to the sudo options and/or providing examples like this will help.


pushed to master and ipa-2-1

rob
