HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=21)
-   -   Dangerous permission to ungroped new users (http://www.howtoforge.com/forums/showthread.php?t=49391)

gdavid 12th October 2010 15:55

Dangerous permission to ungroped new users
 
I found something strange adding new users in MyDNSConfig, but maybe I'm wrong.

Created a new user, giving him "user" privileges; assigned default group other than "admin"; NOT checked ANY of the Groups below the "Default Group" pull-up menu.
This user can access ALL the zones of the db !!!
Is it a normal beaviour?

Thanks to anybody can help me in understanding or fix this.

g

till 12th October 2010 15:59

You can not create any users manually, users have to be created by adding a client. If you add a users or groups manually instead of adding a client, then the system priveliges for this user are broken as the client record which holds the limits for the user is missing.

gdavid 12th October 2010 18:19

mmm ... I'not sure I well understud. You mean the admin can't create group or users via the system tab? So, this area and their commands what are intended for?
I my short experience with MyDNS Config, this tools to manage users and groups work wery well, excep for the fact i mentioned in my first post: Default group assignment doesn't assign the group too.
Simply, If I remember to assign both (default group AND group) everything seems to work fine.
Now I will carefully check what you wrote about limits, and see if could be a problem. In my whishes is not to create a group without client, but many users belonging to the same group (=client?)
This is not a requirments, of course. I can work without System Tab. But if it is there ... I'll try to do the best with it :)
Many thanks for you reply. Helped so much in avoid future db problems.

g

till 12th October 2010 18:27

Quote:

So, this area and their commands what are intended for?
They are only there to create other administrators and not users as adminstrators have no limits.

Quote:

I my short experience with MyDNS Config, this tools to manage users and groups work wery well
Thats indeed the case as this is the permission system of ispconfig. The problem with creating a group manually is that you break the link to the client record which holds the actual limits. If you take a look in the sys_group database table, you can find there a field client_id which is 0 when you have created this group manually. If the system is not able to find the client for a given group when records are created, then the creation of dns records and zones may fail.

The group functions have also been removed in the meantime from the code, so the next mydnsconfig release will not have that area anymore to avoid such problems.

gdavid 12th October 2010 20:11

Much more clear now. Thanks. I'll definitely stop using groups and users.
Thank you so much for your great work.
g


All times are GMT +2. The time now is 08:18.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.