Description of problem:
In my environment I have a few different machines with cockpit on them. one of the machines has asterisk on it and runs a ftp server so that my polycom phones can get their ftp configs. I have ftp firewalled off to the outside wall and configured ssh on that machine to not allow that user to ssh in. I use freeipa for propagating users to different machines.
I think I had miss understood the copy user configuration option in cockpit, I thought it would copy to the other machines the info about the hosts that cockpit knows about so if i log into any machine it will have all the hosts and I would not have to add them all again.
Because of the copying of the user spammers were able to use a server to send a lot of spam.
I think that option should be removed, at the least it needs to be much clearer about what it is doing and not leave things up to user interpretation.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Peter is working on this as part of this:
Is this a security issue or a documentation issue?
It probably should have been better documented but instead we are reworking the UI to allow selection of which users to copy instead of copying them all automatically.
You can follow the upstream work here:
If it's okay with you I'll remove the security status of this bug, then, and call it a documentation problem (no CVE).
I think that makes sense.
This was fixed upstream. Should be in the next release
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.