I would like to present the team work we did on the delegation part, first thank to @giacomo and @edoardo_spadoni for their supports and tips
the delegation of roles is group based,
root and members of
domains admin group should have the full access permission, other groups are at the beginning only granted to the dashboard, settings (only password change) and about pages.
The only difference between
root and the
domains admin group is about the delegation part, only
root can delegate the roles, we worried about permission escalation if other administrators can grant permission to another group.
Inside the group panel you have two drop down menu like you can see on the screenshots
delegation for sysadmins group
we made a wiki page for those who want to dive inside more
- Install nethserver-cockpit from testing with either samba AD or openldap
- Create a group and delegate roles
- API are pushed to the sudoers file
/etc/sudoers.d/30_nethserver_cockpit_roles once saved
- Roles are saved in
I get this:
→ Running transaction check
—> Package nethserver-cockpit.noarch 0:0.3.0-1.73.g9083c4b.ns7 will be installed
nethserver-testing/7/x86_64/filelists_db | 197 kB 00:00:00
→ Processing Dependency: nethserver-subscription for package: nethserver-cockpit-0.3.0-1.73.g9083c4b.ns7.noarch
→ Processing Dependency: nethserver-cockpit-lib for package: nethserver-cockpit-0.3.0-1.73.g9083c4b.ns7.noarch
→ Processing Dependency: /usr/libexec/nethserver/api/lib/helper_functions.pl for package: nethserver-cockpit-0.3.0-1.73.g9083c4b.ns7.noarch
Error: requested datatype filelists not available
Must be an offending repo (my bad). When I issue the below, all is fine.
yum install nethserver-cockpit --disablerepo=* --enablerepo=nethserver-testing
Hi Steph, I would like to test this package.
I know it has been widely tested and it’s ready for deploy also on Enterprise machines.
I cannot find instructions on how to install this package, could you please provide me instructions about how to install delegation?
I would like to use it to leave customers access with an admin user, but I want to hide “Software Center”, to avoid installation of packages that could cause the server to crash, or packages that this customer must not use.
It is part of nethserver-cockpit, no additional package.
To use it follow directions from documentation.