>Let's reset... Sounds good. (and thank you for your patience). >Let's instead discuss exactly what behavior are you seeing and full contents >of your /current/ >config files for users.conf, modules.conf and the Apache config. We can go >from there.
I think my other post titled "authz_ownership not working with authn_passthru + Kerberos" Probably summarizes what I want to do. It also contains teh users.conf, modules.conf and Apache config you're requesting. On Thu, Aug 13, 2009 at 10:24 AM, Michael DeHaan<[email protected]> wrote: > On 08/13/2009 01:10 PM, Paul Company wrote: > > Assign ownership of the distro/profile/repo objects to your admin group > only. > > > Isn't that the default behaviour? > > Here's my current config, which I've done nothing to, the owners are > set to admin automatically. > What am I missing? > > # cobbler distro dumpvars --name=5Server-x86_64 | grep owners > 'default_ownership': ['admin'], > 'owners': ['admin'], > > # cobbler profile dumpvars --name=5Server-x86_64-profile | grep owners > 'default_ownership': ['admin'], > 'owners': ['admin'], > > # cobbler system dumpvars --name=5Server-x86_64-system | grep owners > 'default_ownership': ['admin'], > 'owners': ['admin'], > > > > I don't see anything wrong with that. Good. > > > > Let other people create systems and the ownership of those system records > will go to them. > > > This is where I'm getting confused. > > Can you show me what my modules.conf, users.conf and cobbler.conf > files should look like to implement the following. I'm totally > misunderstanding what you're trying to get me to do. > > > Let's reset... you keep pasting what you are trying to do. I've read > that. Let's instead discuss exactly what behavior are you seeing and full > contents of your /current/ config files for users.conf, modules.conf and the > Apache config. We can go from there. > > Also, if you can, trry to explain without using the phrase "it doesn't > work", but instead saying exactly what you are seeing and what you expect to > see in what case... > > > Allow users listed in user.conf [admins] section to do everything, but > for everyone else: > allow > list on distros, profiles, repos, kickstarts > list/copy/modify/new/remove/save on systems > deny > everything else (copy/modify/new/remove/save) on distros, > profiles, repos, kickstarts > > > > > > > On Thu, Aug 13, 2009 at 9:36 AM, Michael DeHaan<[email protected]> wrote: > > > On 08/13/2009 12:33 PM, Paul Company wrote: > > You can't prevent new systems, but ... > > > I don't understand this statement. > > > You cannot currently prevent authenticated users from creating new system > records. > > I want everyone who passes the authentication phase to edit systems. > > > This is the way it presently works. > > I just want to lock everyone, but admins, out of distros, profiles, and > repos. > > > Yes, this is easy, just assign admin ownership to them and do not list other > users in the ownership fields > for those things. > > I still don't know if that's possible. > > > It is. > > I feel like I'm communicating clearly what I want to do. > Here is what I want to do: > > Allow users listed in user.conf [admins] section to do everything, but > for everyone else: > allow > list on distros, profiles, repos, kickstarts > list/copy/modify/new/remove/save) on systems > deny > everything else (copy/modify/new/remove/save) on distros, > profiles, repos, kickstarts > > Can this be done? > Yes or No > > > Yes. > > > If yes, how do you do it? > > > Assign ownership of the distro/profile/repo objects to your admin group > only. > Let other people create systems and the ownership of those system records > will go to them. > > > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > > > > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
