You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2015/04/07 21:45:12 UTC
[jira] [Commented] (VCL-858) Image owner should have root access
for imaging reservations
[ https://issues.apache.org/jira/browse/VCL-858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14483904#comment-14483904 ]
ASF subversion and git services commented on VCL-858:
-----------------------------------------------------
Commit 1671932 from [~arkurth] in branch 'vcl/trunk'
[ https://svn.apache.org/r1671932 ]
VCL-857
Changed logic in utils.pm::get_request_info so that the imagemeta.rootaccess value is used for members of a server request admin group. This prevents the non-owner of an image from being able to make a server request and bypass the image owner's root access setting.
VCL-858
Added check to ensure request user is granted root access if request.forimaging = 1 and request user is the image owner.
> Image owner should have root access for imaging reservations
> ------------------------------------------------------------
>
> Key: VCL-858
> URL: https://issues.apache.org/jira/browse/VCL-858
> Project: VCL
> Issue Type: Bug
> Components: vcld (backend)
> Affects Versions: 2.4
> Environment: * Linux image
> * imagemeta.rootaccess = 0
> * request.forimaging = 1
> * request.userid = image.ownerid
> Reporter: Andy Kurth
> Assignee: Andy Kurth
> Fix For: 2.4.2
>
>
> When the owner of a Linux image configured with _Users have administrative access_ set to no makes an imaging reservation, the user does not have root access within the image. This makes any attempt at updating or creating a new image pointless.
> The user should have root access under these conditions. Care must be taken to ensure root access is only allowed for the image owner.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)