On Mon, Oct 08, 2001 at 09:09:14PM +0200, Emiliano wrote: > Alexander Bokovoy wrote: > > > However, if I would put a wrapper in repligard_create_fake_resource() for > > processing non-existent sitegroups in that way it will open a security > > hole because then every user will be able to create his/her own sitegroup > > without even knowing administrator's account. This is not what I would > > like to see. > > > > The only one solution I can propose is to export sitegroup record information > > into different file and require to import it with admin priviledges > > _before_ importing whole sitegroup data itself. > > > > What do you guys think? > > That'd be one option. But couldn't the same be accomplished by two > separate repligard schemas? No, this is different story. Let me be clear: in order to create sitegroup currently logged user should have root priviledges or mgd_create will safely ignore sitegroup creation (lib/src/midgard.c:1322). This means that XML file should be either imported using priviledged account or XML file should be split into two pieces (XML files): one with sitegroup resource, one with actual data and then they should be imported using following way:
1. Import XML file with sitegroup resource using priviledged account 2. Import XML file with sitegroup content using normal account. We already have different repligard scheme for dealing with sitegroups which puts sitegroup info into exported XML file, but this info cannot be properly imported w/o admin priviledges. -- / Alexander Bokovoy $ cat /proc/identity >~/.signature `Senior software developer and analyst for SaM-Solutions Ltd.` --- Try to divide your time evenly to keep others happy. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
