stephdl
(Stéphane de Labrusse)
January 2, 2019, 5:12pm
1
I tried to play with cockpit for a nethserver-cockpit-delegation
like, all users I add to the group domain admins
have no administrative rights, only members of the group admins
could be eventually granted to administrative tasks, see https://github.com/NethServer/nethserver-cockpit/blob/master/root/etc/nethserver/cockpit/authorization/roles.json#L2
After that even if you create a group admins
the users belong to this group cannot be admin, you must create a sudoers file
probably a dirty hack
[root@ns7loc14 ~]# cat /etc/sudoers.d/30_cockpit_admins
Cmnd_Alias ADMINS = /usr/libexec/nethserver/api/*/*,/sbin/e-smith/validate
%admins ALL=NOPASSWD: ADMINS
# server-manager does not require a tty
Defaults:%admins !requiretty
cc @giacomo @edoardo_spadoni
giacomo
(Giacomo Sanchietti)
January 7, 2019, 10:07am
2
I understand what are you trying to do, but I can’t get what is the problem.
Is this related to Cockpit: admins group cannot list applications ?
stephdl
(Stéphane de Labrusse)
January 7, 2019, 10:47am
3
Obviously my interrogations comes from that the admin user is belong the group domain admins
but in cockpit, the role is made for the group admins
, moreover it miss the sudoers file for the group admins
Just to avoid future issues, I would prefer to be consistent
put the admin user to admins
or create a role for the group domain admins
create a sudoers file for the admin group, same for domain admins
if we create a role for it.
1 Like
giacomo
(Giacomo Sanchietti)
January 7, 2019, 5:12pm
4
I agree, I also don’t have a preference for “admins” vs “domain admins”.
What do you prefer?
/cc @dev_team
stephdl
(Stéphane de Labrusse)
January 7, 2019, 5:16pm
5
giacomo:
What do you prefer?
I am a lazzy developer, admins
will lower the future headache in development … saying that, for backward compatibility, we should follow what we have.
1 Like
davidep
(Davide Principi)
January 7, 2019, 8:47pm
6
1 Like