[rt-users] Control
Teo de Hesselle
teo.dehesselle at uts.edu.au
Tue Jul 3 01:48:54 EDT 2001
Jesse wrote:
>
> Well, you can grant createuser to both managers and then only grant
> "AdminACL" to each manager for his respective queue. that should do
> about what you want.
Yes, this should work well. Since there's only 'AdminUsers', I've just
handed over control of the entire RT database by doing this - there is now
nothing stopping manager-A from hijacking manager-B or root's account by
simply changing the password.
Fortunately the managers are neither brave nor 31337 enough to try it.
Perhaps a future version would at least stop them from manipulating any
"Super-User" accounts? Or even allow account manipulation in the same
group only?
--
Téo de Hesselle, | Diplomacy is about surviving until
Unix Systems Administrator | the next century. Politics is
| about surviving until Friday
University of Technology, Sydney | afternoon. -- Yes, Minister
More information about the rt-users
mailing list