reserver role root for superuser

And remove quser role for now (I guess we can detect that role automatically)

diff --git a/PMG/UserConfig.pm b/PMG/UserConfig.pm
index f34aab93a96108c66269133725b29e2bf42c4815..592b894b26ad1b42eede030d8c41b398c4fdab7f 100644 (file)
--- a/PMG/UserConfig.pm
+++ b/PMG/UserConfig.pm
@@ -72,9 +72,9 @@ our $schema = {
            optional => 1,
        },
        role => {
-           description => "User role.",
+           description => "User role. Role 'root' is reseved for the Unix Superuser.",
            type => 'string',
-           enum => ['root', 'admin', 'qmanager', 'quser', 'audit'],
+           enum => ['root', 'admin', 'qmanager', 'audit'],
        },
        firstname => {
            description => "First name.",
@@ -174,6 +174,8 @@ sub read_user_conf {
                eval {
                    $verity_entry->($d);
                    $cfg->{$d->{userid}} = $d;
+                   die "role 'root' is reserved\n"
+                       if $d->{role} eq 'root' && $d->{userid} ne 'root@pmg';
                };
                if (my $err = $@) {
                    warn "$filename: $err";
@@ -212,6 +214,9 @@ sub write_user_conf {
        eval {
            $verity_entry->($d);
            $cfg->{$d->{userid}} = $d;
+
+           die "role 'root' is reserved\n"
+               if $d->{role} eq 'root' && $d->{userid} ne 'root@pam';
        };
        if (my $err = $@) {
            die $err;