[Bug 1216080] New: cockpit-ws: /etc/cockpit/disallowed-users is ignored
https://bugzilla.suse.com/show_bug.cgi?id=1216080

            Bug ID: 1216080
           Summary: cockpit-ws: /etc/cockpit/disallowed-users is ignored
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Other
          Assignee: Cockpit-bugs@suse.de
          Reporter: amajer@suse.com
        QA Contact: qa-bugs@suse.de
  Target Milestone: ---
          Found By: ---
           Blocker: ---

This affects all cockpit versions, not just TW. The default configuration we show in /etc/cockpit/disallowed-users,

    # List of users which are not allowed to login to Cockpit
    root

but this list is ignored and root can log in. What is missing is this in /etc/pam.d/cockpit

    auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed

followed by rest of the file.

So we should either not ship this file, or set up PAM accordingly.

--
You are receiving this mail because:
You are on the CC list for the bug.
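
A static check for the gap described in the report above, added here as an example (it is not part of the bug report or of Cockpit's code): it parses a PAM service file and reports whether a pam_listfile deny rule for /etc/cockpit/disallowed-users runs before any auth rule that could decide the stack. The two PAM stacks and all function names are constructed for illustration, and treating every control other than required/requisite/optional as potentially deciding is a conservative assumption of this example.

```python
import re

LIST_PATH = "/etc/cockpit/disallowed-users"
# Constructed sample stacks: not copied from any shipped /etc/pam.d/cockpit.
PAM_WITHOUT_RULE = """#%PAM-1.0
auth     substack   common-auth
account  required   pam_nologin.so
"""
PAM_WITH_RULE = """#%PAM-1.0
auth     required   pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
auth     substack   common-auth
account  required   pam_nologin.so
"""
DISALLOWED = "# List of users which are not allowed to login to Cockpit\nroot\n"

# type, control (simple word or [bracketed]), module, remaining arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_rules(pam_text):
    """Yield (control, module, options) for each auth rule, in stack order."""
    for raw in pam_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "auth":
            opts = dict(a.split("=", 1) for a in m.group(4).split() if "=" in a)
            yield m.group(2), m.group(3), opts

def denylist_enforced(pam_text, list_path=LIST_PATH):
    """True if a pam_listfile deny rule on list_path runs before any auth
    rule that could decide the stack (conservative: anything that is not
    required/requisite/optional, e.g. sufficient, include, substack)."""
    for control, module, opts in auth_rules(pam_text):
        if (module.endswith("pam_listfile.so")
                and control in ("required", "requisite")
                and opts.get("item") == "user" and opts.get("sense") == "deny"
                and opts.get("file") == list_path):
            return True
        if control not in ("required", "requisite", "optional"):
            return False
    return False

def listed_users(list_text):
    """Names in the list file, one per line; blank and '#' lines skipped."""
    lines = (l.strip() for l in list_text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def login_blocked(user, pam_text, list_text):
    """The list only matters if the PAM stack actually consults it."""
    return denylist_enforced(pam_text) and user in listed_users(list_text)

if __name__ == "__main__":
    for name, pam in (("without rule", PAM_WITHOUT_RULE), ("with rule", PAM_WITH_RULE)):
        print(name, "-> root blocked:", login_blocked("root", pam, DISALLOWED))
```

On a real host, pass the contents of /etc/pam.d/cockpit and /etc/cockpit/disallowed-users in place of the sample strings.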

https://bugzilla.suse.com/show_bug.cgi?id=1216080

Zaoliang Luo <zluo@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zluo@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1216080

Robert Simai <robert.simai@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(jsegitz@suse.com)
                 CC|                            |jsegitz@suse.com,
                   |                            |robert.simai@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1216080

Johannes Segitz <jsegitz@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P1 - Urgent
              Flags|needinfo?(jsegitz@suse.com) |

https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c3

Adam Majer <amajer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Adam Majer <amajer@suse.com> ---
Fix submitted to Factory and SLEM 6.0

https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c7

Joachim Werner <joe@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joe@suse.com

--- Comment #7 from Joachim Werner <joe@suse.com> ---
This has documentation impact. At least the SLE Micro 5.5 docs explicitly mention the root option.

Also, we need to test thoroughly whether elevating privileges after logging in with a non-root account actually works as expected. I've seen issues on 5.5 with the update module not working.

https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c8

Robert Simai <robert.simai@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
              Flags|                            |needinfo?(joe@suse.com)
             Status|RESOLVED                    |REOPENED

--- Comment #8 from Robert Simai <robert.simai@suse.com> ---
(In reply to Joachim Werner from comment #7)
> This has documentation impact. At least the SLE Micro 5.5 docs explicitly
> mention the root option.

Already spoke to Jana about the docs (for 6, there's no change for 5.5), they are on top of it.

> Also, we need to test thoroughly whether elevating privileges after logging
> in with a non-root account actually works as expected. I've seen issues on
> 5.5 with the update module not working.

Can you please reference these issues?

https://bugzilla.suse.com/show_bug.cgi?id=1216080

Robert Simai <robert.simai@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|REOPENED                    |RESOLVED

https://bugzilla.suse.com/show_bug.cgi?id=1216080
https://bugzilla.suse.com/show_bug.cgi?id=1216080#c10

Joachim Werner <joe@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(joe@suse.com)     |

--- Comment #10 from Joachim Werner <joe@suse.com> ---
Not fixed in aarch64 6.0 RC. Opening a new bug for that.