Project

General

Profile

Actions

Bug #10544

open

It's not possible to add a user to group operator using the gui

Added by Craig Leres over 4 years ago. Updated over 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
User Manager / Privileges
Target version:
-
Start date:
05/09/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.6
Affected Architecture:

Description

I wanted to create a backup user that could dump the filesystem. I used the gui to create group operator which created an additional operator group with gid 2002.

I think the way to fix this is to check for a system (/etc/group) gid before assigning a completely new one.

Actions #1

Updated by Craig Leres over 4 years ago

Here's a pull request that implements my fix: #4314

Actions #2

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review

Need to think on this a bit. It seems OK from a technical point of view, but security-wise, I'm not so certain. It may be too easy for an admin to unintentionally grant someone elevated shell privileges by using a special existing group name without realizing what they are doing.

Actions #3

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to New
  • Assignee set to Renato Botelho
Actions #4

Updated by Renato Botelho over 2 years ago

  • Assignee deleted (Renato Botelho)
Actions

Also available in: Atom PDF