A little default configuration tidying

author: Daniel Silverstone <dsilvers@digital-scurf.org> 2012-10-10 13:57:02 +0100
committer: Daniel Silverstone <dsilvers@digital-scurf.org> 2012-10-10 13:57:02 +0100
commit: a9d1bbbbd1a91981a40efc606286c640cb997a5b (patch)
tree: 513759ee4ff812667c5520ca203f29b3ca1e1a8f /skel
parent: bbebd5eee0ec798820b28fa3789fd6cc1e6f6eb4 (diff)
download: gitano-a9d1bbbbd1a91981a40efc606286c640cb997a5b.tar.gz
2 files changed, 5 insertions, 3 deletions
diff --git a/skel/gitano-admin/rules/aschecks.lace b/skel/gitano-admin/rules/aschecks.lace
index 3623709..eacd69c 100644
--- a/skel/gitano-admin/rules/aschecks.lace
+++ b/skel/gitano-admin/rules/aschecks.lace
@@ -1,7 +1,8 @@
 # Rules for when we're running as another user.
-# Only 'deny' things which are not allowed.
-# If you 'allow' then it will allow the actual operation, not just
-# fail to deny the fact that it's 'as' someone else.
+
+# Only 'deny' things which are not allowed.  If you 'allow' then it will allow
+# the actual operation, not just fail to deny the fact that it's 'as' someone
+# else.
 
 define as_is_admin as_group gitano-admin
 
diff --git a/skel/gitano-admin/rules/defines.lace b/skel/gitano-admin/rules/defines.lace
index 64af8ca..91c0a28 100644
--- a/skel/gitano-admin/rules/defines.lace
+++ b/skel/gitano-admin/rules/defines.lace
@@ -9,6 +9,7 @@ define if_asanother as_user ~.
 # Self-related operations
 define op_whoami operation whoami
 define op_sshkey operation sshkey
+define op_self anyof op_whoami op_sshkey
 
 # Admin-related operations
author	Daniel Silverstone <dsilvers@digital-scurf.org>	2012-10-10 13:57:02 +0100
committer	Daniel Silverstone <dsilvers@digital-scurf.org>	2012-10-10 13:57:02 +0100
commit	a9d1bbbbd1a91981a40efc606286c640cb997a5b (patch)
tree	513759ee4ff812667c5520ca203f29b3ca1e1a8f /skel
parent	bbebd5eee0ec798820b28fa3789fd6cc1e6f6eb4 (diff)
download	gitano-a9d1bbbbd1a91981a40efc606286c640cb997a5b.tar.gz