About: Licorn® DevBlog
rss
Browse by time:
- May 2012 (1)
- April 2012 (2)
- March 2012 (2)
- February 2012 (3)
- December 2011 (1)
- October 2011 (3)
- September 2011 (3)
- May 2011 (3)
- April 2011 (1)
- March 2011 (2)
- February 2011 (1)
- January 2011 (2)
- December 2010 (7)
- November 2010 (5)
- October 2010 (2)
- September 2010 (3)
- August 2010 (10)
- July 2010 (3)
- June 2010 (6)
- March 2009 (1)
- January 2009 (8)
Browse by category:
- rss ACLs (1)
- rss Architecture (1)
- rss CLI (4)
- rss D3 (1)
- rss Debian (1)
- rss LDAP (3)
- rss Licorn (4)
- rss Licorn® (2)
- rss NFS (1)
- rss OOP (1)
- rss Pyro (2)
- rss QA (2)
- rss RPC (1)
- rss SAMBA (1)
- rss Twisted (1)
- rss UNIX (1)
- rss WMI (5)
- rss add (2)
- rss admin (1)
- rss animations (1)
- rss apache (1)
- rss apprentice (1)
- rss architecture (1)
- rss automation (2)
- rss backend (5)
- rss backends (2)
- rss backup (2)
- rss bazaar (2)
- rss benchmark (1)
- rss bugfix (1)
- rss bugs (1)
- rss bzr (3)
- rss change (1)
- rss changes (1)
- rss check (1)
- rss chk (1)
- rss cleanup (1)
- rss cli (1)
- rss client (1)
- rss code (3)
- rss coding (1)
- rss completion (1)
- rss complexity (1)
- rss configuration (4)
- rss console (1)
- rss controllers (1)
- rss core (3)
- rss crashes (1)
- rss customization (1)
- rss daemon (12)
- rss darcs (4)
- rss debug (2)
- rss debugger (1)
- rss debugging (1)
- rss del (1)
- rss description (2)
- rss developement (1)
- rss developer (1)
- rss development (3)
- rss difficulties (1)
- rss discover (1)
- rss discovery (1)
- rss django (2)
- rss documentation (4)
- rss dynamic (1)
- rss ease (1)
- rss enhance (1)
- rss enhancement (9)
- rss enhancements (2)
- rss errors (1)
- rss events (1)
- rss experimental (1)
- rss extensions (5)
- rss features (1)
- rss finish (1)
- rss flag (1)
- rss flexibility (1)
- rss geany (1)
- rss geekism (1)
- rss get (1)
- rss gevent (2)
- rss git (1)
- rss gitflow (1)
- rss good (1)
- rss graphics (1)
- rss groups (3)
- rss gvim (1)
- rss httperf (1)
- rss https (1)
- rss i18n (1)
- rss ideas (1)
- rss implementation (1)
- rss inotifier (2)
- rss interaction (3)
- rss internals (1)
- rss javascript (1)
- rss jinja2 (1)
- rss jquery (1)
- rss key (1)
- rss ldap (6)
- rss leak (1)
- rss licorn (5)
- rss licornd (8)
- rss licornd-wmi (1)
- rss live (1)
- rss ltrace (2)
- rss machines (1)
- rss major (1)
- rss meliae (1)
- rss memory (1)
- rss migration (2)
- rss milestones (1)
- rss mod (1)
- rss model (1)
- rss modules (2)
- rss monitor (1)
- rss mount (1)
- rss network (4)
- rss news (1)
- rss night (1)
- rss nmap (1)
- rss ntfs (1)
- rss object (1)
- rss openldap (1)
- rss openssh (1)
- rss ouput (1)
- rss password (1)
- rss patch (1)
- rss performance (2)
- rss permissions (1)
- rss pickle (1)
- rss preferences (1)
- rss privileges (2)
- rss profiling (1)
- rss progress (5)
- rss properties (1)
- rss push (1)
- rss pyinotify (1)
- rss pylint (2)
- rss pyro (2)
- rss python (3)
- rss quality (2)
- rss rdiff-backup (1)
- rss readings (1)
- rss readline (1)
- rss refactor (1)
- rss reference (1)
- rss regexxer (1)
- rss release (1)
- rss remote (3)
- rss rename (1)
- rss report (1)
- rss repositories (2)
- rss repository (2)
- rss research (1)
- rss rewrite (1)
- rss rfoo (1)
- rss roadmap (1)
- rss rsync (1)
- rss schema (1)
- rss security (1)
- rss server (2)
- rss service (1)
- rss shadow (1)
- rss shutdown (1)
- rss speed (1)
- rss ssh (1)
- rss standard (1)
- rss status (2)
- rss summary (1)
- rss switch (1)
- rss system (3)
- rss team (1)
- rss testing (1)
- rss testsuite (2)
- rss thread (1)
- rss trac (2)
- rss udisks (1)
- rss unix (3)
- rss upgrade (1)
- rss usb (1)
- rss users (2)
- rss vfat (1)
- rss volumes (2)
- rss webserver (1)
- rss work (1)
- rss worklog (1)
First official extension: openssh
Tonight I sprint-coded the OpenSSH extension, removed all openssh-related code in LMC.configuration, and added system-service-related code to SystemController class.
Guess what:
- It works like a charm :-)
- I readded the missing functionnalities from previous releases (the AllowGroups configuration directive), and added much more (enable/disable ssh extension and service, check other configuration directives, verify the sshd is running...)
By the way, members of remotessh are allowed to connect, and members of admins too (regardless of their remotessh member status: this is cool because you (the reader) are probably already a member of admins, and you won't ever notice the sshd group-authorization enforcement ;-)
The OpensshExtension module can serve as an extension model: it seems quite clean (and short) to me.
This work would not have been so easy without the ConfigFile class Robin wrote. I enhanced it a little, but it's so practical!!
- Posted: 2010-12-23 03:17
- Author: olive
- Categories: enhancements openssh work system extensions night model
- Comments (0)
Removed silly limitations on system groups with LDAP backend enabled
Responding to changeset 279 and explaining the reasons of changeset 304, there is now no more limitations when creating system groups.
If the LDAP backend is enabled, the newly created system group will go into the LDAP backend.
This makes NFS works perfectly on LDAP-enabled clients, which now see all groups when listings ACLs and standard posix perms.
Now, the licorn-ldap-server debian package tries to move every important pre-existing system group (acl, licorn-wmi) from the Unix backend to the LDAP one. This will implicitly install them network-wide and avoid the need to create them on every ALT®. Finally this will help propagate admin privileges on every client.
- Posted: 2010-08-19 09:16
- Author: olive
- Categories: network privileges system standard NFS enhancement groups LDAP
- Comments (0)
Two small changes worth noticing in add user/group
two points which were pushed in revision 279, because bzr don't know anything about cherry picking (or I don't know how to use it):
- system users/groups are now always created in the Unix backend. this is far from perfect because they have to be replicated for ACLs to work and this will NEED to be done for the cluster, but the cluster doesn't exist yet, so don't bother. This is needed for groups like acl, remotessh and admins, which NEED to be created in /etc/group on the local system before the LDAP backend is activated (they are checked/created before the LDAP setup). This is kind of a workaround because it should work event with these groups in LDAP, but this implies some deep reorganization in the LicornConfiguration class, which will be done later (see #170).
- add a --force argument to add user/group, for the particular case of user/group with same name. This was trigerring a bug on old debian/ubuntu systems, but should be bypassable nowadays, because I expect adduser tools to have been fixed on this particular point.
