[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Testbed-admins] How to add more Emulab admin account
- To: "chunhui Zhang(Evan)" <chyz198@gmail.com>
- From: Leigh Stoller <stoller@flux.utah.edu>
- Subject: Re: [Testbed-admins] How to add more Emulab admin account
- Date: Tue, 15 Dec 2009 10:17:17 -0800
I tried to request a user account in 'emulab-ops' project at our
site and it is not allowed. Actually this user is intend to be
other admin here.
What should I do to make it happen or the general way to maintain
Emulab is just with one root admin?
First off, are you seeing an email message to your tbops list
like this:
>> Subject: WEB ERROR REPORT
>> In /joinproject.php3
>> New user 'testuser' attempted to join project 'xxx'
>> which would create a mix of admin and non-admin users
If so, then you have run into a security feature; Emulab does not
allow users who are not admins be in the same projects as users who
are admins. The idea is that there are enough things that project
members can do that having a non-admin in a project with admins might
make it possible for the non-admin to escalate his privileges and gain
admin access.
We have this enabled because we have 1000s of users we do not know,
and this is just safer. Some sites elect to turn this off because
their user base is more tightly controlled. If you want to turn this
off, add this lines to your defs file:
ISOLATEADMINS=0
Then reconfig, rebuild, reinstall ...
If you decide you want to keep ISOLATEADMINS turned on, then I can
describe the process for bypassing it. But its a little cumbersome,
and hard to explain. :-)
Lbs