Bug 82636 - redhat-config-users allows root account to be locked
redhat-config-users allows root account to be locked
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-users (Show other bugs)
i586 Linux
medium Severity low
: ---
: ---
Assigned To: Brent Fox
Depends On:
  Show dependency treegraph
Reported: 2003-01-24 04:51 EST by Ronald Roth
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-03-14 11:36:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ronald Roth 2003-01-24 04:51:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i586; U;) Gecko/20020830

Description of problem:
Using redhat-config-users allows root account to be locked. This is probably not
desireable.  I haven't tried (too scared to try it), but perhaps someone should
also check to make sure that you can't delete the root account.  That is also
probably not desireable.  Also, maybe check account expiration, and for anything
else you might not want to do to a root account.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Start redhat-config-users
2.  Go to Preferences, and uncheck "Filter system users and groups"  
3.  Select the root account
4.  Bring up the Properties dialog
5.  Choose the "Account Info" Tab
6.  Check the "User account is locked" box
7.  Click "OK" and exit the program


Actual Results:  the program did nothing (not even a warning box), and locked
the account. I was no longer able to login as root.  Of course, I left myself
logged in, so I was able to undo the damage.

Expected Results:  At the very least a warning box should come up, or perhaps
the program should forbid that action altogther.

Additional info:
Comment 1 Brent Fox 2003-02-05 15:12:14 EST
redhat-config-users-1.1.5-1 should now allow the "lock account" button to be
checked if the root account is selected.  Thanks for your report.  

QA, please verify.
Comment 2 Peter van Egdom 2003-03-12 17:30:40 EST
Verified that the "lock account" button cannot be selected for the user 'root'
using "redhat-config-users-1.1.5-5" on Phoebe 8.0.94.
Comment 3 Brent Fox 2003-03-14 11:36:13 EST
Thanks for the testing.  Resolving as Rawhide.

Note You need to log in before you can comment on or make changes to this bug.