Bug 851786 - Ejabberd XMPP user remains in admin role although it was removed from "admin" acl
Status: CLOSED WONTFIX
Product: Fedora EPEL
Classification: Fedora
Component: ejabberd
Version: el6
Hardware: All All
Priority: unspecified
Severity: high
Assigned To: Orphan Owner
QA Contact: Fedora Extras Quality Assurance

Reported: 2012-08-25 14:15 EDT by Michal Bruncko
Modified: 2015-01-15 11:24 EST
Doc Type: Bug Fix
Last Closed: 2015-01-15 11:24:47 EST
Type: Bug


Description Michal Bruncko 2012-08-25 14:15:34 EDT
Description of problem:
An XMPP user remains in the admin role although it has been removed from the "admin" ACL - he can see everything that the access rules allow when the "admin" ACL is used.
i.e. access rules:
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.

still allow the user (who is no longer a member of the "admin" ACL) to perform such actions (viewing configuration, commands in Service Discovery, sending announcements and so on)

Version-Release number of selected component (if applicable):
ejabberd-2.1.11-3.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. configure himself with the admin role with the following ACL:
{acl, admin, {user, "jid", "domain.tld"}}.
2. log in to XMPP service
3. log out from XMPP service
4. remove/comment out the ACL created in step 1
5. log back in to XMPP service
  
Actual results:
The user still has admin rights (he can view configuration, commands in Service Discovery, send announcements, manage MUC and so on)

Expected results:
The user should no longer have admin rights

Additional info:
- workaround: after every change to the ACL I remove the file "/var/lib/ejabberd/spool/acl.DCD" - which forces ejabberd to recreate it on startup according to the actual configuration from ejabberd.cfg
- yes, when you log into the Ejabberd Web GUI, you will not be treated as admin, but in the usual clients (miranda, pidgin) you can access admin tools and execute admin operations/commands.
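
Added example (not part of the original report and not ejabberd code): a drift check for the condition described above, listing ACL user entries the server still holds that ejabberd.cfg no longer declares. It assumes the persisted ACL entries have been exported as text in the same tuple syntax as the config; that export format, the function names and both samples are constructed for illustration.

```python
import re

# Matches {acl, Name, {user, "u"}}. and {acl, Name, {user, "u", "d"}}. terms.
ACL_USER = re.compile(
    r'\{\s*acl\s*,\s*(\w+)\s*,\s*\{\s*user\s*,\s*"([^"]*)"'
    r'(?:\s*,\s*"([^"]*)")?\s*\}\s*\}\s*\.'
)

def strip_comments(text):
    """Drop Erlang '%' comments, leaving '%' inside quoted strings alone."""
    out = []
    for line in text.splitlines():
        in_str = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_str = not in_str
            elif ch == '%' and not in_str:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def acl_users(text):
    """Return {(acl_name, user, domain_or_None)} declared in Erlang-term text."""
    return {(m.group(1), m.group(2), m.group(3))
            for m in ACL_USER.finditer(strip_comments(text))}

def stale_acl_entries(cfg_text, persisted_text):
    """Entries still persisted by the server that the config no longer declares."""
    return sorted(acl_users(persisted_text) - acl_users(cfg_text),
                  key=lambda e: (e[0], e[1], e[2] or ""))

# Constructed sample: the ACL from step 1 has been commented out (step 4).
SAMPLE_CFG = '''
%% {acl, admin, {user, "jid", "domain.tld"}}.
{acl, admin, {user, "ops", "domain.tld"}}.
{access, configure, [{allow, admin}]}.
'''
# Constructed sample of what the server still has persisted (assumed format).
SAMPLE_PERSISTED = '''
{acl, admin, {user, "jid", "domain.tld"}}.
{acl, admin, {user, "ops", "domain.tld"}}.
'''

if __name__ == "__main__":
    for name, user, domain in stale_acl_entries(SAMPLE_CFG, SAMPLE_PERSISTED):
        print("stale: %s@%s still in acl %r" % (user, domain, name))
```

Any entry it reports is a grant that survives only in the persisted store and should be reviewed after each ACL change.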
Comment 1 Eric Christensen 2015-01-15 11:24:47 EST
This package has been retired.  This ticket should be reopened if the package is unretired.
