Ticket #15 (new enhancement)

Opened 3 years ago

Last modified 1 year ago

More flexible use of netgroups

Reported by: dws@ee.ethz.ch Assigned to: athomas
Priority: normal Component: op
Severity: normal Keywords:
Cc:

Description

Hi,

At our site we manage different groups of hosts with different local sysadmins. We mark every host with a netgroup. What I would like to do is allow a certain user to execute a given command only on hosts of a given group. Right now it is only possible to allow the whole netgroup (which contains only hosts at our site).

I was thinking of something like this:

ISG_ADMINS=dws ISG_ACCESS=ISG_ADMINS@NETGROUP:HOST:isg_t test ...

users=ISG_ACCESS

... that is NETGROUP:HOST:xy would be then expanded to a regexp containing all the hosts in that netgroup. What do you think?

Thanks David

Attachments

Change History

06/16/05 05:35:06 changed by dws@ee.ethz.ch

Another possibility, which is parhaps easier to implement and also faster (wouldn't need to list the netgroups) would be the addition of an additional parameter: netgroup_users, which would act like users but would be an additional check to netgroup (i.e. netgroup _and_ netgroup_users must match). Then the above could be written as: 

ISG_ADMINS=dws
test ...
  netgroup=isg_t
  netgroup_users=ISG_ADMINS

06/16/05 05:39:02 changed by dws@ee.ethz.ch

hmmm... the problem of the above syntax is that this works only for one group: you can't give access to a user in a given netgroup and another user in another netgroup.

Add/Change #15 (More flexible use of netgroups)




Change Properties
Action