Mailinglist Archive: opensuse (817 mails)

< Previous Next >
Re: [opensuse] yast access restrictions
On Tue, 24 Jul 2012 18:35:24 Rodney Baker wrote:
On Tue, 24 Jul 2012 07:51:28 Carlos E. R. wrote:
On 2012-07-22 22:47, lynn wrote:
On 22/07/12 22:23, Carlos E. R. wrote:
On the contrary. It's more or less in place already. Samba4 has OU,
GPO LDAP and Kerberos out of the box. Even openLDAP has a schema for
Samba3.

For Windows machines, not Linux machines.

Nope. Yast already caters for the openLDAP schema which include both
windows and Linux machines. OU, LDAP backends and Krb5 are all there.
It's a closely guareded Yast secret because most of us have no idea
what the yast Samba Server module can do.

I don't believe that the tools and the definitions to change the ACLs of
all the files involved in, for example, NFS client configuration, are
there, even if you have a working ldap database. Control the permissions
to log in Linux, yes. Finely control the permissions to do somethings
only, no.

What about AppArmour? Can't that do it?

Nevermind - it appears not (I just had a look). But I'm pretty sure SELinux
has a mechanism to do this. It's been a long time since I played with it,
though.


If such a thing existed, I'm sure someone of the yast or suse teams would
pop in and say "yes, we have that".

Maybe time for a feature request?

--
==========================================================================
Rodney Baker VK5ZTV
rodney.baker@xxxxxxxxxxxx
==========================================================================
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups