Re: [Freeipa-users] Backup Restore

2012-07-17 Thread Dale Macartney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Duncan I spent a substantial amount of time on restorations last week. I was working towards a System State Backup method of backing up IPA. I managed to get a restoration working on a completely clean system by doing a file level restore. What

Re: [Freeipa-users] stopping su -

2012-07-17 Thread Dmitri Pal
On 07/17/2012 12:40 AM, Steven Jones wrote: Hi, I could do, authrequiredpam_wheel.soroot_only use_uid But I really want to do this with IPA or I have to get on each server and add and remove admins by hand (hint 300 servers)...that is the idea of something like IPA for

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-17 Thread Arpit Tolani
Hello On Tue, Jul 17, 2012 at 3:15 AM, Steven Jones steven.jo...@vuw.ac.nzwrote: Hi, If I login as say user1, I want that user to be able to su - oracle, but not to say su - root (or to any other user). If user2 logins I want them unable to su - X at all and especially not root. If an

[Freeipa-users] [Fwd: Re: [Freeipa-devel] stopping su -]

2012-07-17 Thread Simo Sorce
This was probably meant for thew freeipa-users mailing list. Simo. -- Simo Sorce * Red Hat, Inc * New York ---BeginMessage--- sudo -i su - oracle No, you would run sudo -i oracle. -i = simulate initial login. Alternately, you can use sudo -s oracle for run shell as oracle Or you can run

Re: [Freeipa-users] another sudo su question

2012-07-17 Thread Dmitri Pal
On 07/17/2012 11:50 AM, KodaK wrote: I've been banging my head on this for a couple of days, and I can't find anything in the docs or by searching. I'm trying to do what I think should be pretty simple: I have a group of users and an application account, all in IPA. I want users in that

Re: [Freeipa-users] another sudo su question

2012-07-17 Thread KodaK
On Tue, Jul 17, 2012 at 11:06 AM, Dmitri Pal d...@redhat.com wrote: On 07/17/2012 11:50 AM, KodaK wrote: I've been banging my head on this for a couple of days, and I can't find anything in the docs or by searching. I'm trying to do what I think should be pretty simple: I have a group of

Re: [Freeipa-users] another sudo su question

2012-07-17 Thread KodaK
On Tue, Jul 17, 2012 at 1:40 PM, KodaK sako...@gmail.com wrote: On Tue, Jul 17, 2012 at 11:06 AM, Dmitri Pal d...@redhat.com wrote: On 07/17/2012 11:50 AM, KodaK wrote: I've been banging my head on this for a couple of days, and I can't find anything in the docs or by searching. I'm trying

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-17 Thread Stephen Ingram
On Mon, Jul 16, 2012 at 12:23 PM, Rob Crittenden rcrit...@redhat.com wrote: Stephen Ingram wrote: On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson rmegg...@redhat.com wrote: On 07/16/2012 11:48 AM, Stephen Ingram wrote: On Mon, Jul 16, 2012 at 9:35 AM, Rich Megginsonrmegg...@redhat.com

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-17 Thread Rob Crittenden
Stephen Ingram wrote: On Mon, Jul 16, 2012 at 12:23 PM, Rob Crittenden rcrit...@redhat.com wrote: Stephen Ingram wrote: On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson rmegg...@redhat.com wrote: On 07/16/2012 11:48 AM, Stephen Ingram wrote: On Mon, Jul 16, 2012 at 9:35 AM, Rich

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-17 Thread Stephen Ingram
On Tue, Jul 17, 2012 at 2:01 PM, Rob Crittenden rcrit...@redhat.com wrote: Stephen Ingram wrote: On Mon, Jul 16, 2012 at 12:23 PM, Rob Crittenden rcrit...@redhat.com wrote: Stephen Ingram wrote: On Mon, Jul 16, 2012 at 11:34 AM, Rich Megginson rmegg...@redhat.com wrote: On 07/16/2012

Re: [Freeipa-users] stopping su -

2012-07-17 Thread Steven Jones
Hi Actually this for me anyway is exactly what IPA should be forits security, its centrally managed and it saves workload. Doing this across 200+ servers needs to be centralised or IPA becomes pointless, very limited ie one point password, add and remove users (oh big deal I can use salt

Re: [Freeipa-users] stopping su -

2012-07-17 Thread Steven Jones
but presumably I can control sudo with IPA? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dmitri Pal

Re: [Freeipa-users] another sudo su question

2012-07-17 Thread Steven Jones
This is exactly my sort of thing as well. We seem to be in the freeipa group yet ppl are telling me to use pam.d...no one has really said you cannot do this in IPA, or you can and this is how.. :/ The very idea of using IPA is to stop having to do such local configuration regards

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-17 Thread Steven Jones
Thankyou. :D regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Simo Sorce [s...@redhat.com] Sent: Wednesday, 18 July 2012 10:18 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject:

Re: [Freeipa-users] How to set a user group rule to allow su - oracle only?

2012-07-17 Thread Steven Jones
Hi, Thanks...yes I dont care how as such. Im trying to translate traditional linux/unix ways of doing things into IPA where possible...maybe that's where I'm communicating poorly and causing confusion, sorry about that. Its like english and french, I want the french but only have the

Re: [Freeipa-users] 2.20 dirsrv memory usage

2012-07-17 Thread John Dennis
On 07/17/2012 05:43 PM, Stephen Ingram wrote: [ details of performance analysis snipped for brevity ] I wonder if we shouldn't add some timing metrics to our code. As it is it's very hard to know where time is being spent. When I wrote the session code I added some timestamps used for