Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New users added to non-admin group still mapped to UNIX group 'wheel' #469

Closed
jovatn opened this issue May 30, 2024 · 1 comment · Fixed by #471
Closed

New users added to non-admin group still mapped to UNIX group 'wheel' #469

jovatn opened this issue May 30, 2024 · 1 comment · Fixed by #471
Assignees
@troglobit
Labels
bug Something isn't working
Milestone
Infix v24.06

Comments

@jovatn
Copy link
Contributor

jovatn commented May 30, 2024
edited
Loading

Current Behavior

Creating a new user, and adding it to a non-admin group will result in the user being mapped to the privileged group 'wheel'.

Just creating the new user (jacky) will not give this result ...

admin@switch:/> configure 
admin@switch:/config/> edit system authentication user jacky
admin@switch:/config/system/authentication/user/jacky/> change password
New password: 
Retype password: 
admin@switch:/config/system/authentication/user/jacky/> set shell clish
admin@switch:/config/system/authentication/user/jacky/> leave
admin@switch:/> exit
admin@switch:~$ cat /etc/group
...
wheel:x:10:root,admin
...
admin:x:1000:
jacky:x:1001:
admin@switch:~$

... however, after adding jacky to a non-admin group (foobar), jacky ends up in the wheel group.

admin@switch:/> configure
admin@switch:/config/> edit nacm group foobar
admin@switch:/config/nacm/group/foobar/> set user-name jacky
admin@switch:/config/nacm/group/foobar/> leave
admin@switch:/> exit
admin@switch:~$ cat /etc/group
...
wheel:x:10:root,admin,jacky
...
admin:x:1000:
jacky:x:1001:
admin@switch:~$

Expected Behavior

Users should not be added to UNIX group 'wheel' unless they are added to NACM group 'admin'.

Steps To Reproduce

  1. Install Infix 24.04.2
  2. Factory reset
  3. Carry out commands as shown above.

Additional information

No response
@jovatn jovatn added bug Something isn't working triage Pending investigation & classification (CCB) labels May 30, 2024
@troglobit
Copy link
Contributor

troglobit commented May 31, 2024
edited
Loading

Reproduced, nice finding!

I believe this is the root cause also of #468. Nope, that one had a root-cause all on its own.

@troglobit troglobit removed the triage Pending investigation & classification (CCB) label Jun 2, 2024
@troglobit troglobit self-assigned this Jun 2, 2024
@troglobit troglobit added this to the Infix v24.05 milestone Jun 2, 2024
troglobit added a commit that referenced this issue Jun 2, 2024
@troglobit
confd: fix check for group membership
9bdee86 
Checking if a user is an administratr we cannot rely solely on the
return value of sr_get_items() but also ensure at least one group
matches the search criteria.

Fixes #469

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
@troglobit troglobit linked a pull request Jun 2, 2024 that will close this issue
Replace augeas with plain C and sed #471
Merged
14 tasks
@wkz wkz closed this as completed in #471 Jun 3, 2024
@wkz wkz closed this as completed in 50e068e Jun 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@troglobit troglobit

Labels
bug Something isn't working
Projects
None yet
Milestone
Infix v24.06
Development

Successfully merging a pull request may close this issue.

Replace augeas with plain C and sed kernelkit/infix
2 participants
@troglobit @jovatn