Add the apache user to the ipawebui group. Make the ccaches directory owned by the ipawebui group and make mod_auth_gssapi write the ccache files as r/w by the apache user and the ipawebui group. Fix tmpfiles creation ownership and permissions to allow the user to access ccache files. The webui framework now works as a different user than apache, so the certs used to access the dogtag instance need to be usable by this new user as well. Both apache and the webui user are in the ipawebui group, so use that. https://fedorahosted.org/freeipa/ticket/5959 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
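<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">

<busconfig>
  <!-- D-Bus bus policy for the com.redhat.idm.trust service.
       Every rule in this file is an explicit allow, scoped to one
       destination, one object path ("/"), one interface and one member.
       NOTE(review): this relies on the bus-wide policy denying method
       calls that no rule allows; confirm that default on the target
       system before treating this file as a complete access list. -->

  <!-- Only root can own (provide) the com.redhat.idm.trust service
       on the system bus.  Restricting ownership keeps an unprivileged
       local process from claiming the name and answering calls in the
       service's place.  Root may also call fetch_domains itself. -->
  <policy user="root">
    <allow own="com.redhat.idm.trust"/>
    <allow send_destination="com.redhat.idm.trust"
           send_path="/"
           send_interface="com.redhat.idm.trust"
           send_member="fetch_domains"/>
  </policy>

  <!-- Allow anyone to call the introspection methods of the "/" object
       provided by the com.redhat.idm.trust service, and to read its
       properties through org.freedesktop.DBus.Properties Get and GetAll.
       Properties.Set is not granted.
       NOTE(review): context="default" applies to every connection on the
       bus, so any value the service exposes as a property on "/" is
       readable by all local users; re-check this block whenever a
       property is added to the service. -->
  <policy context="default">
    <allow send_destination="com.redhat.idm.trust"
           send_path="/"
           send_interface="org.freedesktop.DBus.Introspectable"
           send_member="Introspect"/>
    <allow send_destination="com.redhat.idm.trust"
           send_path="/"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>
    <allow send_destination="com.redhat.idm.trust"
           send_path="/"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
  </policy>

  <!-- The ipaapi user may call fetch_domains on "/" and nothing else on
       the com.redhat.idm.trust interface.
       NOTE(review): presumably ipaapi is the unprivileged account the
       IPA API framework runs as; confirm against the installer.
       This rule only decides who may send the call.  Since the name is
       owned by root, the fetch_domains handler should treat anything it
       receives from this caller as untrusted input. -->
  <policy user="ipaapi">
    <allow send_destination="com.redhat.idm.trust"
           send_path="/"
           send_interface="com.redhat.idm.trust"
           send_member="fetch_domains"/>
  </policy>

</busconfig>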