[Bug 1216080] New: cockpit-ws: /etc/cockpit/disallowed-users is ignored
https://bugzilla.suse.com/show_bug.cgi?id=1216080 Bug ID: 1216080 Summary: cockpit-ws: /etc/cockpit/disallowed-users is ignored Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: Cockpit-bugs@suse.de Reporter: amajer@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- This affects all cockpit versions, not just TW. The default configuration we show in /etc/cockpit/disallowed-users, # List of users which are not allowed to login to Cockpit root but this list is ignored and root can login. What is missing this in /etc/pam.d/cockpit auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed followed by rest of the file. So we should either not ship this file, or setup pam accordingly. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216080
Zaoliang Luo
https://bugzilla.suse.com/show_bug.cgi?id=1216080
Robert Simai
https://bugzilla.suse.com/show_bug.cgi?id=1216080
Johannes Segitz
https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c3
Adam Majer
https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c7
Joachim Werner
https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c8
Robert Simai
This has documentation impact. At least the SLE Micro 5.5 docs explicitly mention the root option.
Already spoke to Jana about the docs (for 6, there's no change for 5.5), they are on top of it.
Also, we need to test thoroughly whether elevating privileges after logging in with a non-root account actually works as expected. I've seen issues on 5.5 with the update module not working.
Can you please reference these issues? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216080
Robert Simai
https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c10
Joachim Werner
participants (1)
-
bugzilla_noreply@suse.com