Comment 3 for bug 621416

Revision history for this message
James Westby (james-w) wrote : Re: [Bug 621416] Re: cannot disable something for everyone except a group

On Sat, 21 Aug 2010 11:07:25 -0000, Thomas NOEL <email address hidden> wrote:
> Thanks @James,
>
> Yes, I tried. The problem, I think, is the algorithm (man
> pklocalauthority) : « First, the user of the Subject is determined and
> the groups that the user belongs are looked up. For each group identity,
> the authorization entries are consulted in order. (...) Finally, the
> authorization entries are consulted using the user identity in the same
> manner. (...) Note that processing continues even after a match. »
>
> I thought I could ban all users (unix-user:*) and authorize a group
> (unix-group:hibersus). But I can not : it is the prohibition of all
> users that will be taken into account at the end of the process... The
> order (user/group) does not matter.
>
> If someone has another idea ... I can test ;)

Try disabling for all groups, then enabling for a single group?

Thanks,

James