#4346 Convert write permissions to managed
Closed: Fixed None Opened 8 years ago by pviktori.

As part of the access control effort (#3566 and related tickets), we want to change existing default permissions to be managed permissions.

Tickets #3697, #4344 should be fixed as part of this change.


In addition to #3697 and #4344, tickets #4252 and #3942 should also be fixed as the permissions are migrated.

The first batch of commits is in master:

  • acb2ca4 Add mechanism for updating permissions to managed
  • 91a5aec Convert Sudo rule default permissions to managed
  • f802845 Add missing attributes to 'Modify Sudo rule' permission

master:

  • e0cafea managed perm updater: Handle case where we changed default ACIs in the past
  • 53a63ae Convert User default permissions to managed
  • 46faed0 Add missing attributes to User managed permissions

non-SYSTEM default perms for DNS:

  • 16ee684 managed permission updater: Add mechanism to replace SYSTEM permissions
  • 853b6ef Convert DNS default permissions to managed
  • 700ac6c Remove the update_dns_permissions plugin

pwpolicy & costemplate:

  • 83cb982 Add $REALM to variables supported by the managed permission updater
  • ca465e8 Convert COSTemplate default permissions to managed
  • 49e8325 Convert Password Policy default permissions to managed

host:

  • 8a51103 Convert Host default permissions to managed
  • 14e2eb9 host permissions: Allow writing attributes needed for automatic enrollment

master:

  • afac09b Convert Automount default permissions to managed
  • af36627 Convert Group default permissions to managed
  • 81d8c8a Convert HBAC Rule default permissions to managed
  • 49abbb1 Convert HBAC Service default permissions to managed
  • 8e8e6b1 Convert HBAC Service Group default permissions to managed
  • 978af07 Convert Hostgroup default permissions to managed
  • 0c4d13e Convert Netgroup default permissions to managed
  • f881f06 Convert the Modify privilege membership permission to managed
  • 820a604 Convert Role default permissions to managed
  • f8dc518 Convert SELinux User Map default permissions to managed
  • 439dd7f Convert Service default permissions to managed
  • 6b47862 Convert Sudo Command default permissions to managed
  • 52003a9 Convert Sudo Command Group default permissions to managed
  • 175b19b Add several CRUD default permissions
  • 628bed8 test_permission_plugin: Fix permission_find test for legacy permissions

System permissions are not converted yet, but that part is not required for 4.0 and can be changed later.

I am thus closing this ticket as fixed.

Metadata Update from @pviktori:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2014/06

5 years ago

Login to comment on this ticket.

Metadata