diff options
| author | Russ Allbery <rra@stanford.edu> | 2013-03-27 12:51:46 -0700 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2013-03-27 12:52:58 -0700 |
| commit | f6c63bdb2be5ccc0c6133bf87025d37805579005 (patch) | |
| tree | c027fed89455b36e386722a63cce9c77d90ebffa /server | |
| parent | b273cc907951a8b7dfcd4095ab58b6ae74c7d87e (diff) | |
Allow owners of objects to destroy them by default
Owners of wallet objects are now allowed to destroy them. In previous
versions, a special destroy ACL had to be set and the owner ACL wasn't
used for destroy actions, but operational experience at Stanford has
shown that letting owners destroy their own objects is a better model.
Change-Id: I0e97d7a000e62cf5321add7b44140db6edc6769f
Reviewed-on: https://gerrit.stanford.edu/973
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'server')
| -rwxr-xr-x | server/keytab-backend | 2 | ||||
| -rwxr-xr-x | server/wallet-backend | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/server/keytab-backend b/server/keytab-backend index e45aba2..b0116c7 100755 --- a/server/keytab-backend +++ b/server/keytab-backend @@ -152,7 +152,7 @@ __END__ =for stopwords keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld -auth Allbery rekeying +auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense =head1 NAME diff --git a/server/wallet-backend b/server/wallet-backend index 9d45982..fc3434e 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -335,7 +335,7 @@ __END__ =for stopwords wallet-backend backend backend-specific remctld ACL acl timestamp getacl setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery -autocreate +autocreate MERCHANTABILITY NONINFRINGEMENT sublicense =head1 NAME @@ -386,9 +386,9 @@ C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL depending on whether one is setting or retrieving the comment. If the appropriate ACL is set, it alone is checked to see if the user has access. -Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, C<history>, -and C<comment> access is permitted if the user is authorized by the owner -ACL of the object. +Otherwise, C<destroy>, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, +C<history>, and C<comment> access is permitted if the user is authorized +by the owner ACL of the object. Administrators can run any command on any object or ACL except for C<get> and C<store>. For C<get> and C<store>, they must still be authorized by |