diff options
Diffstat (limited to 'skel')
| -rw-r--r-- | skel/gitano-admin/rules/aschecks.lace | 7 | ||||
| -rw-r--r-- | skel/gitano-admin/rules/defines.lace | 1 |
2 files changed, 5 insertions, 3 deletions
diff --git a/skel/gitano-admin/rules/aschecks.lace b/skel/gitano-admin/rules/aschecks.lace index 3623709..eacd69c 100644 --- a/skel/gitano-admin/rules/aschecks.lace +++ b/skel/gitano-admin/rules/aschecks.lace @@ -1,7 +1,8 @@ # Rules for when we're running as another user. -# Only 'deny' things which are not allowed. -# If you 'allow' then it will allow the actual operation, not just -# fail to deny the fact that it's 'as' someone else. + +# Only 'deny' things which are not allowed. If you 'allow' then it will allow +# the actual operation, not just fail to deny the fact that it's 'as' someone +# else. define as_is_admin as_group gitano-admin diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace index 64af8ca..91c0a28 100644 --- a/skel/gitano-admin/rules/defines.lace +++ b/skel/gitano-admin/rules/defines.lace @@ -9,6 +9,7 @@ define if_asanother as_user ~. # Self-related operations define op_whoami operation whoami define op_sshkey operation sshkey +define op_self anyof op_whoami op_sshkey # Admin-related operations |