diff options
| -rw-r--r-- | install/share/bootstrap-template.ldif | 6 | ||||
| -rw-r--r-- | install/updates/40-delegation.update | 78 | ||||
| -rw-r--r-- | install/updates/45-roles.update | 2 | ||||
| -rw-r--r-- | ipalib/plugins/baseldap.py | 4 | ||||
| -rw-r--r-- | ipalib/plugins/internal.py | 6 | ||||
| -rw-r--r-- | ipalib/plugins/sudocmd.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/sudocmdgroup.py | 2 | ||||
| -rw-r--r-- | ipalib/plugins/sudorule.py | 6 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 2 |
9 files changed, 54 insertions, 54 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif index 3cfff958..b941d5f8 100644 --- a/install/share/bootstrap-template.ldif +++ b/install/share/bootstrap-template.ldif @@ -289,16 +289,16 @@ cn: kdm description: kdm ipauniqueid:autogenerate -dn: cn=SUDO,cn=hbacservicegroups,cn=hbac,$SUFFIX +dn: cn=Sudo,cn=hbacservicegroups,cn=hbac,$SUFFIX changetype: add objectClass: ipaobject objectClass: ipahbacservicegroup objectClass: nestedGroup objectClass: groupOfNames objectClass: top -cn: SUDO +cn: Sudo ipauniqueid:autogenerate -description: Default group of SUDO related services +description: Default group of Sudo related services member: cn=sudo,cn=hbacservices,cn=hbac,$SUFFIX member: cn=sudo-i,cn=hbacservices,cn=hbac,$SUFFIX diff --git a/install/updates/40-delegation.update b/install/updates/40-delegation.update index 32568f92..aa431e7b 100644 --- a/install/updates/40-delegation.update +++ b/install/updates/40-delegation.update @@ -102,86 +102,86 @@ add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=hbacservicegroups,cn # SUDO -dn: cn=Add SUDO rule,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Add Sudo rule,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Add SUDO rule -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Add Sudo rule +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Delete SUDO rule,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Delete Sudo rule,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Delete SUDO rule -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Delete Sudo rule +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Modify SUDO rule,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Modify Sudo rule,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Modify SUDO rule -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Modify Sudo rule +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Add SUDO command,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Add Sudo command,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Add SUDO command -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Add Sudo command +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Delete SUDO command,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Delete Sudo command,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Delete SUDO command -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Delete Sudo command +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Modify SUDO command,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Modify Sudo command,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Modify SUDO command -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Modify Sudo command +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Add SUDO command group,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Add Sudo command group,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Add SUDO command group -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Add Sudo command group +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Delete SUDO command group,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Delete Sudo command group,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Delete SUDO command group -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Delete Sudo command group +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=Manage SUDO command group membership,cn=permissions,cn=pbac,$SUFFIX +dn: cn=Manage Sudo command group membership,cn=permissions,cn=pbac,$SUFFIX default:objectClass: groupofnames default:objectClass: ipapermission default:objectClass: top -default:cn: Manage SUDO command group membership -default:member: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +default:cn: Manage Sudo command group membership +default:member: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX -dn: cn=SUDO Administrator,cn=privileges,cn=pbac,$SUFFIX +dn: cn=Sudo Administrator,cn=privileges,cn=pbac,$SUFFIX default:objectClass: nestedgroup default:objectClass: groupofnames default:objectClass: top -default:cn: SUDO Administrator -default:description: SUDO Administrator +default:cn: Sudo Administrator +default:description: Sudo Administrator dn: $SUFFIX -add:aci: '(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add SUDO rule";allow (add) groupdn = "ldap:///cn=Add SUDO rule,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete SUDO rule";allow (delete) groupdn = "ldap:///cn=Delete SUDO rule,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(targetattr = "description || ipaenabledflag || usercategory || hostcategory || cmdcategory || ipasudorunasusercategory || ipasudorunasgroupcategory || externaluser || ipasudorunasextuser || ipasudorunasextgroup || memberdenycmd || memberallowcmd || memberuser")(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify SUDO rule";allow (write) groupdn = "ldap:///cn=Modify SUDO rule,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(targetattr = "description")(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify SUDO command";allow (write) groupdn = "ldap:///cn=Modify SUDO command,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete SUDO command";allow (delete) groupdn = "ldap:///cn=Delete SUDO command,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add SUDO command";allow (add) groupdn = "ldap:///cn=Add SUDO command,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add SUDO command group";allow (add) groupdn = "ldap:///cn=Add SUDO command group,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete SUDO command group";allow (delete) groupdn = "ldap:///cn=Delete SUDO command group,cn=permissions,cn=pbac,$SUFFIX";)' -add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Manage SUDO command group membership";allow (write) groupdn = "ldap:///cn=Manage SUDO command group membership,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add Sudo rule";allow (add) groupdn = "ldap:///cn=Add Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete Sudo rule";allow (delete) groupdn = "ldap:///cn=Delete Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(targetattr = "description || ipaenabledflag || usercategory || hostcategory || cmdcategory || ipasudorunasusercategory || ipasudorunasgroupcategory || externaluser || ipasudorunasextuser || ipasudorunasextgroup || memberdenycmd || memberallowcmd || memberuser")(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify Sudo rule";allow (write) groupdn = "ldap:///cn=Modify Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(targetattr = "description")(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify Sudo command";allow (write) groupdn = "ldap:///cn=Modify Sudo command,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete Sudo command";allow (delete) groupdn = "ldap:///cn=Delete Sudo command,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///sudocmd=*,cn=sudocmds,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add Sudo command";allow (add) groupdn = "ldap:///cn=Add Sudo command,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Add Sudo command group";allow (add) groupdn = "ldap:///cn=Add Sudo command group,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Delete Sudo command group";allow (delete) groupdn = "ldap:///cn=Delete Sudo command group,cn=permissions,cn=pbac,$SUFFIX";)' +add:aci: '(targetattr = "member")(target = "ldap:///cn=*,cn=sudocmdgroups,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Manage Sudo command group membership";allow (write) groupdn = "ldap:///cn=Manage Sudo command group membership,cn=permissions,cn=pbac,$SUFFIX";)' # Password Policy dn: cn=Add Group Password Policy costemplate,cn=permissions,cn=pbac,$SUFFIX diff --git a/install/updates/45-roles.update b/install/updates/45-roles.update index 7c08f667..04f4be8f 100644 --- a/install/updates/45-roles.update +++ b/install/updates/45-roles.update @@ -66,7 +66,7 @@ add:member: 'cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX' dn: cn=HBAC Administrator,cn=privileges,cn=pbac,$SUFFIX add:member: 'cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX' -dn: cn=SUDO administrator,cn=privileges,cn=pbac,$SUFFIX +dn: cn=Sudo administrator,cn=privileges,cn=pbac,$SUFFIX add:member: 'cn=IT Security Specialist,cn=roles,cn=accounts,$SUFFIX' dn: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 02c839cf..ff034c61 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -66,7 +66,7 @@ global_output_params = ( label=_('Roles'), ), Str('memberof_sudocmdgroup?', - label=_('SUDO Command Groups'), + label=_('Sudo Command Groups'), ), Str('member_privilege?', label='Granted to Privilege', @@ -96,7 +96,7 @@ global_output_params = ( label='Member of HBAC service groups', ), Str('member_sudocmd?', - label='Member SUDO commands', + label='Member Sudo commands', ), Str('memberindirect_user?', label=_('Indirect Member users'), diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py index ae8bf3b9..436867ba 100644 --- a/ipalib/plugins/internal.py +++ b/ipalib/plugins/internal.py @@ -262,11 +262,11 @@ class i18n_messages(Command): "unprovision":_("Unprovision"), }, "sudocmd": { - "add":_("Add New SUDO Command"), + "add":_("Add New Sudo Command"), "groups":_("Groups"), }, "sudocmdgroup": { - "add":_("Add New SUDO Command Group"), + "add":_("Add New Sudo Command Group"), "commands":_("Commands"), }, "sudorule": { @@ -361,7 +361,7 @@ class i18n_messages(Command): "policy":_("Policy"), "audit": _("Audit"), "ipaserver":_("IPA Server"), - "sudo":_("SUDO"), + "sudo":_("Sudo"), "hbac":_("HBAC"), "role":_("Role Based Access Control") }, diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py index 117865ea..ad9f87d2 100644 --- a/ipalib/plugins/sudocmd.py +++ b/ipalib/plugins/sudocmd.py @@ -61,7 +61,7 @@ class sudocmd(LDAPObject): 'memberof': ['sudocmdgroup'], } uuid_attribute = 'ipauniqueid' - label = _('SUDO Commands') + label = _('Sudo Commands') takes_params = ( Str('sudocmd', diff --git a/ipalib/plugins/sudocmdgroup.py b/ipalib/plugins/sudocmdgroup.py index 923b3c68..e628a176 100644 --- a/ipalib/plugins/sudocmdgroup.py +++ b/ipalib/plugins/sudocmdgroup.py @@ -63,7 +63,7 @@ class sudocmdgroup(LDAPObject): 'member': ['sudocmd'], } - label = _('SUDO Command Groups') + label = _('Sudo Command Groups') takes_params = ( Str('cn', diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index 2565cd81..fa114a1f 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -22,7 +22,7 @@ give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. -FreeIPA provides a designated binddn to use with SUDO located at: +FreeIPA provides a designated binddn to use with Sudo located at: uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com To enable the binddn run the following command to set the password: @@ -65,7 +65,7 @@ class sudorule(LDAPObject): 'ipasudorunasgroup': ['group'], } - label = _('SUDO') + label = _('Sudo') takes_params = ( Str('cn', @@ -607,7 +607,7 @@ class sudorule_add_option(LDAPQuery): dn = self.obj.get_dn(cn) (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt']) - + entry_attrs.setdefault('ipasudoopt', []).append( options['ipasudoopt'] ) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 2bb083fb..64954c40 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -250,7 +250,7 @@ class DsInstance(service.Service): self.step("adding replication acis", self.__add_replication_acis) self.step("configuring user private groups", self.__user_private_groups) self.step("configuring netgroups from hostgroups", self.__host_nis_groups) - self.step("creating default SUDO bind user", self.__add_sudo_binduser) + self.step("creating default Sudo bind user", self.__add_sudo_binduser) if hbac_allow: self.step("creating default HBAC rule allow_all", self.add_hbac) |