[rt-users] Couple of RT questions

Anil Madhavapeddy anil at recoil.org
Fri May 5 07:28:57 EDT 2000

Tobias Brox wrote:
> > o There doesn't appear to be any command-line security (anyone
> >   who has access to execute the command can manipulate the queues).
> The login name is taken as the RT userid.  That means if you have a root
> user in RT with full access, and you run the CLI as root, you can do
> anything.  It's not a nice thing to do, though, as the transactions will
> be recorded as done by "Enoch Root" or something similar.
> This makes sense, people should generally not do such things while logged
> in as root, and people who have root access to the box can, by theory and
> by definition, do anything (s)he likes with the box.  If you actually
> execute rt as a user that shouldn't have access, and you get access, there
> is something seriously wrong somewhere.

Ahh, this makes sense now ... it was wierd, since some of my users
have shells, and others don't, so we were getting very confusing results
(esp. as some of the boxes we tested on had NIS activated, and others

Still, now that I know this, it makes it easy to work with ... renamed
all RT-accounts to the same as the shell ones where applicable and
everything works well!

> >   I tried chmod-ing the suid_wrapper to not allow global execution,
> >   but then the web-server fails to execute it.
> chmoding the suid_wrapper is not the right thing to do.

I guessed :-)  Things didn't take long to break once I did this ...

> > o When using the web interface, I try to bookmark some locations
> >   (such as the direct ticket display, or a predefined queue view).
> >   However, if I try to access that before I authenticate, the 
> >   authenticate screen comes up, but after authentication it reverts
> >   to the default queue view.
> Yikes.  I thought we had fixed that ages ago.  I guess it's not in the
> public version.

Would it be fixed in the RT-1 CVS branch?  I took the public release, 
but can check it out if that fixes this problem ... otherwise I'll look
for the fix in the RT-2 branch.


More information about the rt-users mailing list