Red Hat Bugzilla – Bug 82636
redhat-config-users allows root account to be locked
Last modified: 2008-05-01 11:38:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i586; U;) Gecko/20020830
Description of problem:
Using redhat-config-users allows root account to be locked. This is probably not
desireable. I haven't tried (too scared to try it), but perhaps someone should
also check to make sure that you can't delete the root account. That is also
probably not desireable. Also, maybe check account expiration, and for anything
else you might not want to do to a root account.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Start redhat-config-users
2. Go to Preferences, and uncheck "Filter system users and groups"
3. Select the root account
4. Bring up the Properties dialog
5. Choose the "Account Info" Tab
6. Check the "User account is locked" box
7. Click "OK" and exit the program
Actual Results: the program did nothing (not even a warning box), and locked
the account. I was no longer able to login as root. Of course, I left myself
logged in, so I was able to undo the damage.
Expected Results: At the very least a warning box should come up, or perhaps
the program should forbid that action altogther.
redhat-config-users-1.1.5-1 should now allow the "lock account" button to be
checked if the root account is selected. Thanks for your report.
QA, please verify.
Verified that the "lock account" button cannot be selected for the user 'root'
using "redhat-config-users-1.1.5-5" on Phoebe 8.0.94.
Thanks for the testing. Resolving as Rawhide.