Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 154176

Summary: Switch to normal user in DS console still allows certain admin tasks
Product: Red Hat Directory Server Reporter: To Ngan <tngan>
Component: UI - General UIAssignee: Rich Megginson <rmeggins>
Status: CLOSED UPSTREAM QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: low    
Version: 7.1CC: jgalipea, nhosoi
Target Milestone: DS_Future   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-07 20:02:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 495079    

Description To Ngan 2005-04-07 23:46:42 UTC
Description of problem:
Log in to console as admin or directory manager and bring up DS console, then
"Log in as New User" and auth as a regular user.

On most panels the normal user can't do anything, but on the Tasks tap, the
stop/start/restart buttons works.  Even changing cert db passwd works too. 
He/she can also get to the admin console and change admin user id/passwd, and
admin port, etc.


Note that if a normal user run startconsole and authenticate in that way, he/she
won't be able to bring up DS console at all.  Only limited access to Users and
Groups panel in the admin console.

This is most likely not a regression, and may not be common use case anyway. 
The only risk is an admin user switch or give control of the consoles to a
regular user this way and assumes the regular user can't do anything.


How reproducible:
Consistently.

Comment 1 David Boreham 2005-05-06 18:03:17 UTC
This was latered in the last bug meeting.

Comment 3 Rich Megginson 2012-01-09 19:45:15 UTC
Upstream ticket:
https://fedorahosted.org/389/ticket/233

Comment 5 Noriko Hosoi 2016-04-07 20:02:47 UTC
Per triage, close and handle with upstream ticket.