Bug #1875
Updated by Lukas Zapletal over 10 years ago
Testing user permissions on foreman-1.0.1-1.el6.noarch I setup a test account with a filter that only allows it view and provision VMs on on a single computer research (libvirt). That seems to work as far as actually spawning the VMs but I haven't tested beyond that. However, if I try to create a baremetal instance with this restricted user, it actually does create a host entry (after reporting an error message) which is then invisible to the restricted user as it's not the visible computer resource. This is fairly scary as a user could create dhcp reservations, dns entries, etc. without knowing it. <pre> [root@ctrl ~]# grep thiswillpuke /var/lib/dhcpd/dhcpd.leases host thiswillpuke.tuc.noao.edu { supersede host-name = "thiswillpuke.tuc.noao.edu"; [root@ctrl ~]# ls -la /tftpboot/pxelinux.cfg/01-00-11-22-33-44-55 -rw-rw-rw- 1 foreman-proxy foreman-proxy 206 Sep 27 11:19 /tftpboot/pxelinux.cfg/01-00-11-22-33-44-55 </pre> Also, deleting these created hosts is subject to Bug #1529 since they (presumably) are never provisioned.