FR: SSH: ACL to support user as self even when on shared domain #12078

Open
sloane-ts opened this issue May 9, 2024 · 0 comments
Labels
fr Feature request needs-triage

What are you trying to do?

User would like to be able to allow a specific group of users on the tailnet SSH access. The users are defined as under a specific domain; however, they have a GitHub org tailnet and are unable to use `localpart:*@<domain>` because it is a shared domain.

Example:

```json
{
  "action": "accept",
  "src": ["group:platform"],
  "dst": ["tag:prod"],
  "users": ["localpart:*@xyz.org.github"]
}
```

Error: [ssh] symphonyfs.org.github is a shared domain and cannot be used in user:*@<domain> expressions

How should we solve this?

Something like autogroup:self, or a representation of self as the user.

What is the impact of not solving this?

The option left is to use `autogroup:nonroot`. This allows users to log in to any machine as any user, and doesn't specify access based on the user's domain/username.

Anything else?

No response

@sloane-ts sloane-ts added needs-triage fr Feature request labels May 9, 2024