- **Milestone**: 4.3.3 --> never
---
** [tickets:#1122] attribute authorizedGroup of access control feature is
modifiable by any user**
**Status:** duplicate
**Milestone:** never
**Created:** Mon Sep 22, 2014 12:11 PM UTC by surender khetavath
**Last Updated:** Mon Sep 22, 2014 02:29 PM UTC
**Owner:** nobody
changeset : 5679
According to README.ACCESS_CONTROL:
"""authorizedGroup" is an optional attribute of type string holding the name of
an existing linux group. Members of this group will have access to IMM.
Only the root user can change these attributes.
"""
But any user, other than root user, is able to modify this attribute.
Trace shown below:
immcfg -a authorizedGroup="GROUP" opensafImm=opensafImm,safApp=safImmService
tet@SC-1:/etc/opensaf> immlist opensafImm=opensafImm,safApp=safImmService
Name Type Value(s)
========================================================================
authorizedGroup SA_STRING_T GROUP
accessControlMode SA_UINT32_T 0 (0x0)
SaImmAttrImplementerName SA_STRING_T OpenSafImmPBE
SaImmAttrClassName SA_STRING_T OpensafImm
SaImmAttrAdminOwnerName SA_STRING_T <Empty>
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
