summaryrefslogtreecommitdiffstats
path: root/install/updates
diff options
context:
space:
mode:
authorDmitri Pal <dpal@redhat.com>2010-09-08 22:44:42 -0400
committerRob Crittenden <rcritten@redhat.com>2010-09-16 11:31:27 -0400
commit52af18ec03b7a5dc00764d4f33fe8d62811b8ca6 (patch)
treeec4f2d9c3f3b4d17789ca448ff9eb2461c32da4f /install/updates
parent5fd09b016b228c949963c77643f423360a4ada10 (diff)
downloadfreeipa-52af18ec03b7a5dc00764d4f33fe8d62811b8ca6.zip
freeipa-52af18ec03b7a5dc00764d4f33fe8d62811b8ca6.tar.gz
freeipa-52af18ec03b7a5dc00764d4f33fe8d62811b8ca6.tar.xz
Enabling SUDO support
* Adding a new SUDO schema file * Adding this new file to the list of targets in make file * Create SUDO container for sudo rules * Add default sudo services to HBAC services * Add default SUDO HBAC service group with two services sudo & sudo-i * Installing schema No SUDO rules are created by default by this patch.
Diffstat (limited to 'install/updates')
-rw-r--r--install/updates/30-hbacsvc.update33
1 files changed, 26 insertions, 7 deletions
diff --git a/install/updates/30-hbacsvc.update b/install/updates/30-hbacsvc.update
index dc36950..229c0f1 100644
--- a/install/updates/30-hbacsvc.update
+++ b/install/updates/30-hbacsvc.update
@@ -12,13 +12,6 @@ default:cn: ftp
default:description: ftp
default:ipauniqueid:$UUID
-dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
-default:objectclass: ipahbacservice
-default:objectclass: ipaobject
-default:cn: sudo
-default:description: sudo
-default:ipauniqueid:$UUID
-
dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
default:objectclass: ipahbacservice
default:objectclass: ipaobject
@@ -39,3 +32,29 @@ default:objectclass: ipaobject
default:cn: su-l
default:description: su with login shell
default:ipauniqueid:$UUID
+
+dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
+default:objectclass: ipahbacservice
+default:objectclass: ipaobject
+default:cn: sudo
+default:description: sudo
+default:ipauniqueid:$UUID
+
+dn: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
+default:objectclass: ipahbacservice
+default:objectclass: ipaobject
+default:cn: sudo-i
+default:description: sudo-i
+default:ipauniqueid:$UUID
+
+dn: cn=SUDO,cn=hbacservicegroups,cn=accounts,$SUFFIX
+default:objectClass: ipaobject
+default:objectClass: ipahbacservicegroup
+default:objectClass: nestedGroup
+default:objectClass: groupOfNames
+default:objectClass: top
+default:cn: SUDO
+default:ipauniqueid:$UUID
+default:description: Default group of SUDO related services
+default:member: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
+default:member: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX