`admins` group instead of `domain admins`

cockpit

(Stéphane de Labrusse) #1

I tried to play with cockpit for a nethserver-cockpit-delegation like, all users I add to the group domain admins have no administrative rights, only members of the group admins could be eventually granted to administrative tasks, see https://github.com/NethServer/nethserver-cockpit/blob/master/root/etc/nethserver/cockpit/authorization/roles.json#L2

After that even if you create a group admins the users belong to this group cannot be admin, you must create a sudoers file

probably a dirty hack

[root@ns7loc14 ~]# cat  /etc/sudoers.d/30_cockpit_admins
Cmnd_Alias ADMINS = /usr/libexec/nethserver/api/*/*,/sbin/e-smith/validate

%admins ALL=NOPASSWD: ADMINS

# server-manager does not require a tty
Defaults:%admins !requiretty

cc @giacomo @edoardo_spadoni


Admins group cannot list applications
(Giacomo Sanchietti) #2

I understand what are you trying to do, but I can’t get what is the problem.

Is this related to Cockpit: admins group cannot list applications?


(Stéphane de Labrusse) #3

Obviously my interrogations comes from that the admin user is belong the group domain admins but in cockpit, the role is made for the group admins, moreover it miss the sudoers file for the group admins

Just to avoid future issues, I would prefer to be consistent

  • put the admin user to admins or create a role for the group domain admins
  • create a sudoers file for the admin group, same for domain admins if we create a role for it.

(Giacomo Sanchietti) #4

I agree, I also don’t have a preference for “admins” vs “domain admins”.

What do you prefer?

/cc @dev_team


(Stéphane de Labrusse) #5

I am a lazzy developer, admins will lower the future headache in development … saying that, for backward compatibility, we should follow what we have.


(Davide Principi) #6

I’m not aligned with cockpit developments. I just want to say that the “admins” key has to be honored, according to

http://docs.nethserver.org/en/v7/accounts.html#admin-account

See also https://github.com/NethServer/nethserver-sssd/commits/master/root/etc/e-smith/db/configuration/defaults/admins