Bug 154176 - Switch to normal user in DS console still allows certain admin tasks
Switch to normal user in DS console still allows certain admin tasks
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - General UI (Show other bugs)
All Linux
low Severity medium
: DS_Future
: ---
Assigned To: Rich Megginson
Viktor Ashirov
Depends On:
Blocks: 389_1.3.0 512820 690311
  Show dependency treegraph
Reported: 2005-04-07 19:46 EDT by To Ngan
Modified: 2016-04-07 16:02 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-07 16:02:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description To Ngan 2005-04-07 19:46:42 EDT
Description of problem:
Log in to console as admin or directory manager and bring up DS console, then
"Log in as New User" and auth as a regular user.

On most panels the normal user can't do anything, but on the Tasks tap, the
stop/start/restart buttons works.  Even changing cert db passwd works too. 
He/she can also get to the admin console and change admin user id/passwd, and
admin port, etc.

Note that if a normal user run startconsole and authenticate in that way, he/she
won't be able to bring up DS console at all.  Only limited access to Users and
Groups panel in the admin console.

This is most likely not a regression, and may not be common use case anyway. 
The only risk is an admin user switch or give control of the consoles to a
regular user this way and assumes the regular user can't do anything.

How reproducible:
Comment 1 David Boreham 2005-05-06 14:03:17 EDT
This was latered in the last bug meeting.
Comment 3 Rich Megginson 2012-01-09 14:45:15 EST
Upstream ticket:
Comment 5 Noriko Hosoi 2016-04-07 16:02:47 EDT
Per triage, close and handle with upstream ticket.

Note You need to log in before you can comment on or make changes to this bug.