On Tue, Nov 24, 2015 at 10:25:11AM +0100, Winfried de Heiden wrote:
>Hi all,
>
>sss_debuglevel 6; in /var/log/sss/sssd_pam.log
>
>Running as "testuser" crond is denied; perfecr since it is not listed in
>the HBAC services.
>
>[testuser@fedora23-server ~]$ crontab -l
>You
Hi all,
Running as an ordinary user, straight from the beginning.
Is the (default) suid of/usr/bin/su causing this?
Anyway: the info requested:
/var/log/secure will tell:
Nov 24 11:04:11 fedora23-server su:
On Tue, Nov 24, 2015 at 11:10:11AM +0100, Winfried de Heiden wrote:
>Hi all,
>
>Running as an ordinary user, straight from the beginning.
>
>Is the (default) suid of/usr/bin/su causing this?
>
>Anyway: the info requested:
>
>/var/log/secure will tell:
>Nov 24
Hi all,
sss_debuglevel 6; in /var/log/sss/sssd_pam.log
Running as "testuser" crond is denied; perfecr since it is not
listed in the HBAC services.
[testuser@fedora23-server ~]$ crontab -l
You (testuser) are not allowed to access
On Tue, Nov 24, 2015 at 11:10:11AM +0100, Winfried de Heiden wrote:
>Hi all,
>
>Running as an ordinary user, straight from the beginning.
>
>Is the (default) suid of/usr/bin/su causing this?
>
>Anyway: the info requested:
>
>/var/log/secure will tell:
>Nov 24
Hi all,
The problem is clear, there is a misunderstanding of the service "su"
and "su-l", this is about the target users. Hence; su - to user winfried
is allowed since su and su-l are added to the hbac service list of this
user.
This looks a bit strange from the ui perspective, all other
On Tue, 24 Nov 2015, Winfried de Heiden wrote:
Hi all,
The problem is clear, there is a misunderstanding of the service "su"
and "su-l", this is about the target users. Hence; su - to user
winfried is allowed since su and su-l are added to the hbac service
list of this user.
This looks a
On Tue, Nov 24, 2015 at 12:58:42PM +0100, Winfried de Heiden wrote:
> Hi all,
>
> [winfried@ipa ~]$ ipa hbacrule-show allow_all
> Rule name: allow_all
> User category: all
> Host category: all
> Service category: all
> Description: Allow all users to access any host from any host
>
Hi all,
I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
# ipa hbacrule-show testuser
Rule name: testuser
Enabled: TRUE
Users: testuser
Hosts: fedora23-server.blabla.bla
Services: sshd
Hence, "
On Mon, Nov 23, 2015 at 04:55:31PM +0100, Winfried de Heiden wrote:
>Hi all,
>
>I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
>
># ipa hbacrule-show testuser
> Rule name: testuser
> Enabled: TRUE
> Users: testuser
> Hosts:
On Mon, Nov 23, 2015 at 05:16:26PM +0100, Jakub Hrozek wrote:
> On Mon, Nov 23, 2015 at 04:55:31PM +0100, Winfried de Heiden wrote:
> >Hi all,
> >
> >I created some hbac rule on freeipa-server 4.1.4 on Fedora 22
> >
> ># ipa hbacrule-show testuser
> > Rule name: testuser
> >
11 matches
Mail list logo