system: deny reading other user's authorised keys I believe that users should not be able to peek at each other authentication details (authorised keys and date of last change). Change-Id: I6c158f0727e3f8edcdbd1028066bd09ecb31bced

commit: 3414e43de1cc6dd332d67dcaf2c371e081f634dd [log] [tgz]
author: Tomáš Pecka <tomas.pecka@cesnet.cz> Wed Jan 17 19:11:39 2024 +0100
committer: Tomáš Pecka <tomas.pecka@cesnet.cz> Thu Jan 18 12:19:25 2024 +0100
tree: 4c1a49ddebbda7d2932c36112604eb6dad62784a
parent: 24b5483ff527112a278959068c65bc4ba8468eaa [diff] [blame]
diff --git a/yang/czechlight-authentication.json b/yang/czechlight-authentication.json
index d291970..6604b16 100644
--- a/yang/czechlight-authentication.json
+++ b/yang/czechlight-authentication.json

@@ -8,8 +8,8 @@
         ],
         "rule": [
           {
-            "name": "Allow executing actions of current user",
-            "access-operations": "exec",
+            "name": "Allow reading and executing actions in the context of the current user",
+            "access-operations": "exec read",
             "module-name": "czechlight-system",
             "action": "permit",
             "path": "/czechlight-system:authentication/users[name=$USER]"
commit	3414e43de1cc6dd332d67dcaf2c371e081f634dd	[log] [tgz]
author	Tomáš Pecka <tomas.pecka@cesnet.cz>	Wed Jan 17 19:11:39 2024 +0100
committer	Tomáš Pecka <tomas.pecka@cesnet.cz>	Thu Jan 18 12:19:25 2024 +0100
tree	4c1a49ddebbda7d2932c36112604eb6dad62784a
parent	24b5483ff527112a278959068c65bc4ba8468eaa [diff] [blame]