We have a number of Red Hat patch catalogs that are configured in offline mode. To better support them we recently stood up a new RHEL helper server to act as both the payload and repo source. I'm interested in granting permissions to this server in as limited a way as possible, but haven't found specific guidance. I have attempted to configure it using the file server instructions, but without fail I get the 'no authorization to access host' error.
The only way I've been able to get patch analysis to work is to grant rw,map=root access to individual roles. I'd like to accomplish any or all of the following:
1. Not have to add individual roles into our users.local file. Using "system:system rw,map=root" did not work.
2. If I have to use individual roles, I'd like to restrict them to the repo dirs. I've attempted to use the rootdir option, but when I do (e.g., "role:* rw,rootdir=/repomain,map=root") I get an error stating it can't find the tar.gz file that's located in a repomain subdir with 644 perms and is owned by root.
3. Map to an account other than root. I've tried using blfsuser (e.g., "role:* rw,map=blfsuser"), but get the "no authorization..." error. I've verified all repomain files and dirs are owned by blfsuser and are set to 644.
Any and all suggestions are welcome and appreciated.
Any role that will run the CUJ, possibly analysis and deploys, will need access to read the server object and read the patches on the file system.
You shouldn't need to map to root.