Bug 82636 - redhat-config-users allows root account to be locked
Summary: redhat-config-users allows root account to be locked
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-users
Version: 8.0
Hardware: i586
OS: Linux
Target Milestone: ---
Assignee: Brent Fox
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-01-24 09:51 UTC by Ronald Roth
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-03-14 16:36:13 UTC

Attachments (Terms of Use)

Description Ronald Roth 2003-01-24 09:51:47 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i586; U;) Gecko/20020830

Description of problem:
Using redhat-config-users allows root account to be locked. This is probably not
desireable.  I haven't tried (too scared to try it), but perhaps someone should
also check to make sure that you can't delete the root account.  That is also
probably not desireable.  Also, maybe check account expiration, and for anything
else you might not want to do to a root account.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Start redhat-config-users
2.  Go to Preferences, and uncheck "Filter system users and groups"  
3.  Select the root account
4.  Bring up the Properties dialog
5.  Choose the "Account Info" Tab
6.  Check the "User account is locked" box
7.  Click "OK" and exit the program


Actual Results:  the program did nothing (not even a warning box), and locked
the account. I was no longer able to login as root.  Of course, I left myself
logged in, so I was able to undo the damage.

Expected Results:  At the very least a warning box should come up, or perhaps
the program should forbid that action altogther.

Additional info:

Comment 1 Brent Fox 2003-02-05 20:12:14 UTC
redhat-config-users-1.1.5-1 should now allow the "lock account" button to be
checked if the root account is selected.  Thanks for your report.  

QA, please verify.

Comment 2 Peter van Egdom 2003-03-12 22:30:40 UTC
Verified that the "lock account" button cannot be selected for the user 'root'
using "redhat-config-users-1.1.5-5" on Phoebe 8.0.94.

Comment 3 Brent Fox 2003-03-14 16:36:13 UTC
Thanks for the testing.  Resolving as Rawhide.

Note You need to log in before you can comment on or make changes to this bug.