About: Licorn® DevBlog
rss
Browse by time:
- May 2012 (1)
- April 2012 (2)
- March 2012 (2)
- February 2012 (3)
- December 2011 (1)
- October 2011 (3)
- September 2011 (3)
- May 2011 (3)
- April 2011 (1)
- March 2011 (2)
- February 2011 (1)
- January 2011 (2)
- December 2010 (7)
- November 2010 (5)
- October 2010 (2)
- September 2010 (3)
- August 2010 (10)
- July 2010 (3)
- June 2010 (6)
- March 2009 (1)
- January 2009 (8)
Browse by category:
- rss ACLs (1)
- rss Architecture (1)
- rss CLI (4)
- rss D3 (1)
- rss Debian (1)
- rss LDAP (3)
- rss Licorn (4)
- rss Licorn® (2)
- rss NFS (1)
- rss OOP (1)
- rss Pyro (2)
- rss QA (2)
- rss RPC (1)
- rss SAMBA (1)
- rss Twisted (1)
- rss UNIX (1)
- rss WMI (5)
- rss add (2)
- rss admin (1)
- rss animations (1)
- rss apache (1)
- rss apprentice (1)
- rss architecture (1)
- rss automation (2)
- rss backend (5)
- rss backends (2)
- rss backup (2)
- rss bazaar (2)
- rss benchmark (1)
- rss bugfix (1)
- rss bugs (1)
- rss bzr (3)
- rss change (1)
- rss changes (1)
- rss check (1)
- rss chk (1)
- rss cleanup (1)
- rss cli (1)
- rss client (1)
- rss code (3)
- rss coding (1)
- rss completion (1)
- rss complexity (1)
- rss configuration (4)
- rss console (1)
- rss controllers (1)
- rss core (3)
- rss crashes (1)
- rss customization (1)
- rss daemon (12)
- rss darcs (4)
- rss debug (2)
- rss debugger (1)
- rss debugging (1)
- rss del (1)
- rss description (2)
- rss developement (1)
- rss developer (1)
- rss development (3)
- rss difficulties (1)
- rss discover (1)
- rss discovery (1)
- rss django (2)
- rss documentation (4)
- rss dynamic (1)
- rss ease (1)
- rss enhance (1)
- rss enhancement (9)
- rss enhancements (2)
- rss errors (1)
- rss events (1)
- rss experimental (1)
- rss extensions (5)
- rss features (1)
- rss finish (1)
- rss flag (1)
- rss flexibility (1)
- rss geany (1)
- rss geekism (1)
- rss get (1)
- rss gevent (2)
- rss git (1)
- rss gitflow (1)
- rss good (1)
- rss graphics (1)
- rss groups (3)
- rss gvim (1)
- rss httperf (1)
- rss https (1)
- rss i18n (1)
- rss ideas (1)
- rss implementation (1)
- rss inotifier (2)
- rss interaction (3)
- rss internals (1)
- rss javascript (1)
- rss jinja2 (1)
- rss jquery (1)
- rss key (1)
- rss ldap (6)
- rss leak (1)
- rss licorn (5)
- rss licornd (8)
- rss licornd-wmi (1)
- rss live (1)
- rss ltrace (2)
- rss machines (1)
- rss major (1)
- rss meliae (1)
- rss memory (1)
- rss migration (2)
- rss milestones (1)
- rss mod (1)
- rss model (1)
- rss modules (2)
- rss monitor (1)
- rss mount (1)
- rss network (4)
- rss news (1)
- rss night (1)
- rss nmap (1)
- rss ntfs (1)
- rss object (1)
- rss openldap (1)
- rss openssh (1)
- rss ouput (1)
- rss password (1)
- rss patch (1)
- rss performance (2)
- rss permissions (1)
- rss pickle (1)
- rss preferences (1)
- rss privileges (2)
- rss profiling (1)
- rss progress (5)
- rss properties (1)
- rss push (1)
- rss pyinotify (1)
- rss pylint (2)
- rss pyro (2)
- rss python (3)
- rss quality (2)
- rss rdiff-backup (1)
- rss readings (1)
- rss readline (1)
- rss refactor (1)
- rss reference (1)
- rss regexxer (1)
- rss release (1)
- rss remote (3)
- rss rename (1)
- rss report (1)
- rss repositories (2)
- rss repository (2)
- rss research (1)
- rss rewrite (1)
- rss rfoo (1)
- rss roadmap (1)
- rss rsync (1)
- rss schema (1)
- rss security (1)
- rss server (2)
- rss service (1)
- rss shadow (1)
- rss shutdown (1)
- rss speed (1)
- rss ssh (1)
- rss standard (1)
- rss status (2)
- rss summary (1)
- rss switch (1)
- rss system (3)
- rss team (1)
- rss testing (1)
- rss testsuite (2)
- rss thread (1)
- rss trac (2)
- rss udisks (1)
- rss unix (3)
- rss upgrade (1)
- rss usb (1)
- rss users (2)
- rss vfat (1)
- rss volumes (2)
- rss webserver (1)
- rss work (1)
- rss worklog (1)
Removed silly limitations on system groups with LDAP backend enabled
Responding to changeset 279 and explaining the reasons of changeset 304, there is now no more limitations when creating system groups.
If the LDAP backend is enabled, the newly created system group will go into the LDAP backend.
This makes NFS works perfectly on LDAP-enabled clients, which now see all groups when listings ACLs and standard posix perms.
Now, the licorn-ldap-server debian package tries to move every important pre-existing system group (acl, licorn-wmi) from the Unix backend to the LDAP one. This will implicitly install them network-wide and avoid the need to create them on every ALT®. Finally this will help propagate admin privileges on every client.
- Posted: 2010-08-19 09:16
- Author: olive
- Categories: network privileges system standard NFS enhancement groups LDAP
- Comments (0)
New set of commands for privileges
If you know about privileges, you know you can manipulate them only via the configuration object, like this:
get config privs sudo add group licorn-wmi --system sudo mod config --add-privileges licorn-wmi sudo add group remote-ssh --system sudo mod config --add-privileges remotessh sudo mod config --del-privileges licorn-wmi,remotessh get config privileges
Now you can handle them kind of "directly", like this:
get privs sudo add group licorn-wmi --system sudo add priv licorn-wmi sudo add group remote-ssh --system sudo add priv remotessh sudo del privs licorn-wmi,remotessh get privileges
Which is quite simpler, and - I think - more logical or consistent with the rest of the command set. The code lies in changeset 310.
- Posted: 2010-08-19 08:55 (Updated: 2010-11-11 15:18)
- Author: olive
- Categories: CLI get privileges add del enhancement configuration mod
- Comments (0)
