From 52af18ec03b7a5dc00764d4f33fe8d62811b8ca6 Mon Sep 17 00:00:00 2001
From: Dmitri Pal <dpal@redhat.com>
Date: Wed, 8 Sep 2010 22:44:42 -0400
Subject: Enabling SUDO support

* Adding a new SUDO schema file
* Adding this new file to the list of targets in make file
* Create SUDO container for sudo rules
* Add default sudo services to HBAC services
* Add default SUDO HBAC service group with two services sudo & sudo-i
* Installing schema

No SUDO rules are created by default by this patch.
---
 install/updates/30-hbacsvc.update | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

(limited to 'install/updates')

diff --git a/install/updates/30-hbacsvc.update b/install/updates/30-hbacsvc.update
index dc36950d5..229c0f143 100644
--- a/install/updates/30-hbacsvc.update
+++ b/install/updates/30-hbacsvc.update
@@ -12,13 +12,6 @@ default:cn: ftp
 default:description: ftp
 default:ipauniqueid:$UUID
 
-dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
-default:objectclass: ipahbacservice
-default:objectclass: ipaobject
-default:cn: sudo
-default:description: sudo
-default:ipauniqueid:$UUID
-
 dn: cn=su,cn=hbacservices,cn=accounts,$SUFFIX
 default:objectclass: ipahbacservice
 default:objectclass: ipaobject
@@ -39,3 +32,29 @@ default:objectclass: ipaobject
 default:cn: su-l
 default:description: su with login shell
 default:ipauniqueid:$UUID
+
+dn: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
+default:objectclass: ipahbacservice
+default:objectclass: ipaobject
+default:cn: sudo
+default:description: sudo
+default:ipauniqueid:$UUID
+
+dn: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
+default:objectclass: ipahbacservice
+default:objectclass: ipaobject
+default:cn: sudo-i
+default:description: sudo-i
+default:ipauniqueid:$UUID
+
+dn: cn=SUDO,cn=hbacservicegroups,cn=accounts,$SUFFIX
+default:objectClass: ipaobject
+default:objectClass: ipahbacservicegroup
+default:objectClass: nestedGroup
+default:objectClass: groupOfNames
+default:objectClass: top
+default:cn: SUDO
+default:ipauniqueid:$UUID
+default:description: Default group of SUDO related services
+default:member: cn=sudo,cn=hbacservices,cn=accounts,$SUFFIX
+default:member: cn=sudo-i,cn=hbacservices,cn=accounts,$SUFFIX
-- 
cgit