    Configuring repo server ACLs

    Drew Trachy

      We have a number of Red Hat patch catalogs that are configured in offline mode. To better support them we recently stood up a new RHEL helper server to act as both the payload and repo source. I'm interested in granting permissions to this server in as limited a way as possible, but haven't found specific guidance. I have attempted to configure it using the file server instructions, but without fail I get the 'no authorization to access host' error.


      Configuring the file server agent ACLs - BMC Server Automation 8.6 - BMC Documentation


      The only way I've been able to get patch analysis to work is to grant rw,map=root access to individual roles. I'd like to accomplish any or all of the following:


      1. Not have to add individual roles into our users.local file. Using "system:system rw,map=root" did not work.


      2. If I have to use individual roles, I'd like to restrict them to the repo dirs. I've attempted to use the rootdir option, but when I do (e.g., "role:* rw,rootdir=/repomain,map=root") I get an error stating it can't find the tar.gz file that's located in a repomain subdir with 644 perms and is owned by root.


      3. Map to an account other than root. I've tried using blfsuser (e.g., "role:* rw,map=blfsuser"), but get the "no authorization..." error. I've verified all repomain files and dirs are owned by blfsuser and are set to 644.


      Any and all suggestions are welcome and appreciated.