summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/hbac.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/hbac.py')
-rw-r--r--ipalib/plugins/hbac.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index 4d7681c48..94fa76227 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -59,6 +59,15 @@ EXAMPLES:
ipa hbac-add-user --users=john john_sshd
ipa hbac-add-service --hbacsvcs=sshd john_sshd
+ Create a rule for a new service group. This lets the user john access
+ the any FTP service on any machine from any machine:
+ ipa hbacsvcgroup-add ftpers
+ ipa hbacsvc-add sftp
+ ipa hbacsvcgroup-add-member --hbacsvcs=ftp,sftp ftpers
+ ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_ftp
+ ipa hbac-add-user --users=john john_ftp
+ ipa hbac-add-service --hbacsvcgroups=ftpers john_ftp
+
Disable a named HBAC rule:
ipa hbac-disable test1
generated by cgit (git 2.34.1) at 2024-06-30 20:00:12 +0000