Project

General

Profile

Bug #1875

Updated by Lukas Zapletal almost 6 years ago

Testing user permissions on foreman-1.0.1-1.el6.noarch



I setup a test account with a filter that only allows it view and provision VMs on on a single computer research (libvirt). That seems to work as far as actually spawning the VMs but I haven't tested beyond that. However, if I try to create a baremetal instance with this restricted user, it actually does create a host entry (after reporting an error message) which is then invisible to the restricted user as it's not the visible computer resource.



This is fairly scary as a user could create dhcp reservations, dns entries, etc. without knowing it.



<pre>

[root@ctrl ~]# grep thiswillpuke /var/lib/dhcpd/dhcpd.leases

host thiswillpuke.tuc.noao.edu {

supersede host-name = "thiswillpuke.tuc.noao.edu";



[root@ctrl ~]# ls -la /tftpboot/pxelinux.cfg/01-00-11-22-33-44-55

-rw-rw-rw- 1 foreman-proxy foreman-proxy 206 Sep 27 11:19 /tftpboot/pxelinux.cfg/01-00-11-22-33-44-55

</pre>



Also, deleting these created hosts is subject to Bug #1529 since they (presumably) are never provisioned.

Back