[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
It's possible to turn this off with a site var:
general/joinproject/admincheck
... though we don't recommend it - the idea is that there are enough
things that project members can do that having a non-admin in a project
with admins might make it possible for the non-admin to escalate his
privileges and gain admin access.
Thus spake Jonathan Walsh on Mon, Jul 27, 2009 at 10:02:56AM -0400:
> The newest version of the Emulab SW does not allow users who are not
> admins be in the same projects as users who are admins. If I recall
> correctly the reason for this was it would allow non-admins to get admin
> keys, etc.
>
> -Jonathan
>
>
> Elkins, Michael wrote:
> > I???m running into a problem with trying to add the first non-admin user
> > created via the ???Join Project??? link on the web interface in Emulab 5.0.
> >
> > First, I see this email sent to testbed-ops:
> >
> > Subject: WEB ERROR REPORT
> >
> > In /joinproject.php3
> >
> > New user 'testuser' attempted to join project 'xxx'
> >
> > which would create a mix of admin and non-admin users
> >
> >
> > Thanks,
> >
> > Testbed WWW
> >
> > After the user verifies the email address via the web interface, I get
> > this email:
> >
> > tbacct verify testuser
> >
> > Invoked by nobody (Unprivileged user)
> >
> >
> > --------- /tmp/tbacct.VrJ3Nv --------
> >
> > No group membership for testuser; using the guest group!
> >
> >
> > At this point when the project_root for the project goes to approve
> > users, the web interface says there are no users awaiting approval.
> > However, I do see a user waiting when I look at the mysql database:
> >
> > mysql> select uid,status from users;
> >
> > +----------+------------+
> >
> > | uid | status |
> >
> > +----------+------------+
> >
> > | elabman | active |
> >
> > | elabckup | active |
> >
> > | melkins | active |
> >
> > | testuser | unapproved |
> >
> > +----------+------------+
> >
> > 4 rows in set (0.00 sec)
> >
> > This is a fresh install of the emulab-080901 software.
> >
> > Any hints would be appreciated.
> >
> > Thanks,
> >
> > Michael
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Testbed-admins mailing list
> > Testbed-admins@flux.utah.edu
> > http://www.flux.utah.edu/mailman/listinfo/testbed-admins
>
> _______________________________________________
> Testbed-admins mailing list
> Testbed-admins@flux.utah.edu
> http://www.flux.utah.edu/mailman/listinfo/testbed-admins
--
/-----------------------------------------------------------
| Robert P Ricci <ricci@cs.utah.edu> | <ricci@flux.utah.edu>
| Research Associate, University of Utah Flux Group
| www.flux.utah.edu | www.emulab.net
\-----------------------------------------------------------