[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0

To: Robert P Ricci <ricci@cs.utah.edu>
From: Leigh Stoller <stoller@flux.utah.edu>
Subject: Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
Date: Mon, 27 Jul 2009 10:50:46 -0700

It's possible to turn this off with a site var:
    general/joinproject/admincheck

... though we don't recommend it - the idea is that there are enough
things that project members can do that having a non-admin in a
project with admins might make it possible for the non-admin to
escalate his privileges and gain admin access.


Locally we deal with this by having alter-egos that do not have
admin privs. These are the accounts we use when we need to be a
member of a project that includes non-admin people.

We are probably more worried about this then others might, cause we
have so many users from so many places, most of whom we do not know.
Extra caution is good.

Lbs

Follow-Ups:
- Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
  - From: "Elkins, Michael" <Michael.Elkins@cobham.com>

References:
- [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
  - From: "Elkins, Michael" <Michael.Elkins@cobham.com>
- Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
  - From: Jonathan Walsh <jonathan.d.walsh@lmco.com>
- Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
  - From: Robert P Ricci <ricci@cs.utah.edu>

Prev by Date: Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
Next by Date: Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
Previous by thread: Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
Next by thread: Re: [Testbed-admins] problem adding the first non-admin user in Emulab 5.0
Index(es):
- Date
- Thread