We have a number of Red Hat patch catalogs that are configured in offline mode. To better support them we recently stood up a new RHEL helper server to act as both the payload and repo source. I'm interested in granting permissions to this server in as limited a way as possible, but haven't found specific guidance. I have attempted to configure it using the file server instructions, but without fail I get the 'no authorization to access host' error.
The only way I've been able to get patch analysis to work is to grant rw,map=root access to individual roles. I'd like to accomplish any or all of the following:
1. Not have to add individual roles into our users.local file. Using "system:system rw,map=root" did not work.
2. If I have to use individual roles, I'd like to restrict them to the repo dirs. I've attempted to use the rootdir option, but when I do (e.g., "role:* rw,rootdir=/repomain,map=root") I get an error stating it can't find the tar.gz file that's located in a repomain subdir with 644 perms and is owned by root.
3. Map to an account other than root. I've tried using blfsuser (e.g., "role:* rw,map=blfsuser), but get the "no authorization..." error. I've verified all repomain files and dirs are owned by blfsuser and are set to 644.
Any and all suggestions are welcome and appreciated.