diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-10-10 13:57:02 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-10-10 13:57:02 +0100 |
commit | a9d1bbbbd1a91981a40efc606286c640cb997a5b (patch) | |
tree | 513759ee4ff812667c5520ca203f29b3ca1e1a8f | |
parent | bbebd5eee0ec798820b28fa3789fd6cc1e6f6eb4 (diff) | |
download | gitano-a9d1bbbbd1a91981a40efc606286c640cb997a5b.tar.gz |
A little default configuration tidying
-rw-r--r-- | skel/gitano-admin/rules/aschecks.lace | 7 | ||||
-rw-r--r-- | skel/gitano-admin/rules/defines.lace | 1 |
2 files changed, 5 insertions, 3 deletions
diff --git a/skel/gitano-admin/rules/aschecks.lace b/skel/gitano-admin/rules/aschecks.lace index 3623709..eacd69c 100644 --- a/skel/gitano-admin/rules/aschecks.lace +++ b/skel/gitano-admin/rules/aschecks.lace @@ -1,7 +1,8 @@ # Rules for when we're running as another user. -# Only 'deny' things which are not allowed. -# If you 'allow' then it will allow the actual operation, not just -# fail to deny the fact that it's 'as' someone else. + +# Only 'deny' things which are not allowed. If you 'allow' then it will allow +# the actual operation, not just fail to deny the fact that it's 'as' someone +# else. define as_is_admin as_group gitano-admin diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace index 64af8ca..91c0a28 100644 --- a/skel/gitano-admin/rules/defines.lace +++ b/skel/gitano-admin/rules/defines.lace @@ -9,6 +9,7 @@ define if_asanother as_user ~. # Self-related operations define op_whoami operation whoami define op_sshkey operation sshkey +define op_self anyof op_whoami op_sshkey # Admin-related operations |