perfsonar-user - [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Jim Nauer CWRU <>
- To:
- Subject: [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?
- Date: Thu, 16 Oct 2014 12:05:15 -0400
Yesterday, I did the upgrade to pS 3.4 (from a 3.3.x NetInstall that had been done in July, and was fully up-to-date before pS 3.4 was released).
Today, I was unable to log in to the web interface with any user--not root, not the non-root user I had created specifically to address this issue.
I created new user account, and was able to log in...but then I dug in to the documentation on the "Manager Users" page. According to that page, under 3.4, SSH users should not automatically get "sudoer" privileges--but in my testing, if both SSH login & web interface options are selected, the new user account _is_ added to the "wheel" group (and thus gets 'sudo' privs but also should trigger the new web-access-not-allowed restriction).
To be clear, here is exactly what is happening:
1) create user 'foo', select ONLY "Should this user be able to login via SSH? [yes] "
result: user 'foo' is created, and is a member of only the group "foo".
SSH login works, 'sudo' fails, web login fails (as expected)
2) create user "bar", select ONLY "Should this user be able to login to the web interface? [yes] "
result: user "bar" is created, and is a member of the groups "bar" and "psadmin".
SSH login fails, web login succeeds (as expected)
3) create user "baz", select BOTH "Should this user be able to login via SSH? [yes] " and "Should this user be able to login to the web interface? [yes] "
result: user "baz" is created, and is a member of the groups "baz", "psadmin", AND "wheel".
result: user "baz" is created, and is a member of the groups "baz", "psadmin", AND "wheel".
SSH login works, and 'sudo' works (as expected, since %wheel is allowed by the sudoers file).
web login works (NOT as expected, if "wheel" members are supposed to be denied access).
Any clues as to what's going on here? Is nptoolkit-configure.py mis-behaving, and/or the web server, and/or am I mis-understanding of how things are supposed to work?
--
James A. Nauer | "I shall not yield one whit of maturity,
Engineer III, ITS Build | not grace, not respectability, to the
Information Technology Services | passing of time. I declare that I shall
Case Western Reserve University | forever be, if not a child, certainly
(216) 368-MACS (368-6227) | childish" --Kennet Shardik
USPA D-25604
Engineer III, ITS Build | not grace, not respectability, to the
Information Technology Services | passing of time. I declare that I shall
Case Western Reserve University | forever be, if not a child, certainly
(216) 368-MACS (368-6227) | childish" --Kennet Shardik
USPA D-25604
- [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?, Jim Nauer CWRU, 10/16/2014
- Re: [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?, Philip Papadopoulos, 10/16/2014
- Re: [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?, Andrew Lake, 10/16/2014
- Re: [perfsonar-user] pS 3.4 upgrade: Possible bug in user account management?, Philip Papadopoulos, 10/16/2014
Archive powered by MHonArc 2.6.16.