author | Jr Aquino <jr.aquino@citrix.com> | 2010-12-13 07:38:09 -0800 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 17:56:13 -0500 |
commit | b23b3911d2cc9e6063d66f885600c3aec471def9 (patch) | |
tree | 345d050b987488feb0b495bbdbb34c38fd1b628f | |
parent | 13139f2fd638d23739d294cb2f5b3b94569c2316 (diff) | |
sudo run as user or group https://fedorahosted.org/freeipa/ticket/570
-rw-r--r-- | ipalib/plugins/sudorule.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 420f5fdb..8ca2d100 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -46,6 +46,8 @@ class sudorule(LDAPObject):
 'memberhost': ['host', 'hostgroup'],
 'memberallowcmd': ['sudocmd', 'sudocmdgroup'],
 'memberdenycmd': ['sudocmd', 'sudocmdgroup'],
+ 'ipasudorunas': ['user'],
+ 'ipasudorunasgroup': ['group'],
 }
 label = _('SUDO')
@@ -82,6 +84,18 @@ class sudorule(LDAPObject):
 doc=_('Command category the rule applies to'),
 values=(u'all', ),
 ),
+ StrEnum('ipasudorunasusercategory?',
+ cli_name='runasusercat',
+ label=_('Run As User category'),
+ doc=_('Run As User category the rule applies to'),
+ values=(u'all', ),
+ ),
+ StrEnum('ipasudorunasgroupcategory?',
+ cli_name='runasgroupcat',
+ label=_('Run As Group category'),
+ doc=_('Run As Group category the rule applies to'),
+ values=(u'all', ),
+ ),
 Str('memberuser_user?',
 label=_('Users'),
 flags=['no_create', 'no_update', 'no_search'],
@@ -110,6 +124,14 @@ class sudorule(LDAPObject):
 label=_('Sudo Command Groups'),
 flags=['no_create', 'no_update', 'no_search'],
 ),
+ Str('ipasudorunas_user?',
+ label=_('Run As User'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ Str('ipasudorunasgroup_group?',
+ label=_('Run As Group'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
 )
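Review bot: Nothing in the new `ipasudorunasusercategory` / `ipasudorunasgroupcategory` options (second hunk) or in the `sudorule_add_runasuser` / `sudorule_add_runasgroup` commands (last hunk) stops a rule from carrying both `runasusercat=all` and an explicit run-as member list. Such a rule reads as limited to the listed accounts while the category presumably widens it to any account, and which of the two wins is left to whatever consumes the entry. I would reject the combination on both paths (the add commands refuse members while the category is `all`, and setting the category to `all` refuses while members exist), or at minimum state the precedence in the option text, e.g. `doc=_('Run As User category the rule applies to ("all" permits running as any user)')`. The rule's update path is outside the visible hunks, so a check that already exists there cannot be ruled out from this diff.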
@@ -292,3 +314,43 @@ class sudorule_remove_host(LDAPRemoveMember):
 member_count_out = ('%i object removed.', '%i objects removed.')
 api.register(sudorule_remove_host)
+
+
+class sudorule_add_runasuser(LDAPAddMember):
+ """
+ Add user for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunas']
+ member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasuser)
+
+
+class sudorule_remove_runasuser(LDAPRemoveMember):
+ """
+ Remove user for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunas']
+ member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasuser)
+
+
+class sudorule_add_runasgroup(LDAPAddMember):
+ """
+ Add group for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunasgroup']
+ member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasgroup)
+
+
+class sudorule_remove_runasgroup(LDAPRemoveMember):
+ """
+ Remove group for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunasgroup']
+ member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasgroup) |
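Review bot: The docstrings on the four new commands (for example "Add user for Sudo to execute as.") do not say which objects are accepted; per the `attribute_members` entries added in the first hunk, `ipasudorunas` takes only `user` objects and `ipasudorunasgroup` only `group` objects. I would spell that out, e.g. `Add IPA users that commands in this rule may be run as (sudo RunAs user).`, with matching wording for the group and remove variants. The diffstat lists only `ipalib/plugins/sudorule.py`, so these privilege-granting commands land without tests; a test that adds and then removes a run-as user and a run-as group would pin the behaviour.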