Sylvain Beucler <[EMAIL PROTECTED]> tapota :
> On Thu, Oct 21, 2004 at 12:28:26AM +0200, Mathieu Roy wrote:
>> Sylvain Beucler <[EMAIL PROTECTED]> tapota :
>>
>> > On Wed, Oct 20, 2004 at 11:21:16PM +0200, Mathieu Roy wrote:
>> >> Sylvain Beucler <[EMAIL PROTECTED]> tapota :
>> >>
>> >> > Hmm, at least I get the time to work on this issue:
>> >> >
>> >> > On Fri, Oct 01, 2004 at 01:31:33PM +0200, Mathieu Roy wrote:
>> >> >> Sylvain Beucler <[EMAIL PROTECTED]> tapota :
>> >> >>
>> >> >> > Hi,
>> >> >> >
>> >> >> > In our database at savannah, there are about ten users who are both
>> >> >> > pending and member of a project. They have no registered SSH keys and
>> >> >> > thus are quite useless. For example, user 'sevy'.
>> >> >> >
>> >> >> > Do you know how such accounts could have been created?
>> >> >>
>> >> >> No clue.
>> >> >>
>> >> >> How old are these accounts?
>> >> >
>> >> > It ranges from Wed Nov 14 20:39:07 2001 to Tue Nov 25 12:41:45 2003.
>> >> >
>> >> >> Who added these users to projets (should be
>> >> >> printed in these projects history)? Was it a site admin or a project
>> >> >> admin?
>> >> >
>> >> > Project admins.
>> >> >
>> >> > However, I tried to add a pending user myself, and the system did not
>> >> > returned it in the "Adding User(s) to Group" search box. Maybe this
>> >> > situation is checked since when you installed Savannah?
>> >>
>> >> The search is made only of users that are not already member of a
>> >> group.
>> >
>> > ?
>> >
>> > Here's the query (useradmin.php):
>> >
>> > $result = db_query("SELECT user_id, user_name, realname "
>> > . "FROM user "
>> > . "WHERE ((user_name LIKE '%$words1%') OR (realname
>> > LIKE '%$words2%'))
>> > AND (status='A') ORDER BY user_name LIMIT 0,26");
>>
>>
>> What really needs to be checked is in fact member_add().
>> The useradmin form apparently do not make checks on group membership
>> (maybe forgotten, maybe avoiding for perfs). But member_add() test
>> group membership.
>>
>> The problem could come from member_approve() also, but this function
>> make no insert, only update.
>>
>> It would be interesting to know what the user exactly did about his
>> account? Do you have user input?
>>
>> > Since this script only exists since the CERN branch from 2003/09, I
>> > guess there was a bug in the previous member management code...
>>
>> Were these dupes created before 2004?
>
> I am not sure I was clear enough. The problem is not that users were
> added twice. The problem is that pending users, ie never logged on the
> system (not group pending) were added to a group.
Hum, I lost track of the problem, sorry.
> So these people never updated their SSH key, but still, being member
>of an account, have a system account created.
The backend should ignore pending users, since they are not really
part of the group.
According to that piece code, they are indeed ignored:
foreach my $line (GetDB("user_group,groups,user",
"groups.group_id=user_group.group_id AND
user.user_id=user_group.user_id AND groups.status='A' AND
user_group.admin_flags<>'P'",
"user_name,unix_group_name")) {
--
Mathieu Roy
+---------------------------------------------------------------------+
| General Homepage: http://yeupou.coleumes.org/ |
| Computing Homepage: http://alberich.coleumes.org/ |
| Not a native english speaker: |
| http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english |
+---------------------------------------------------------------------+
