[rt-users] Control

Jesse jesse at fsck.com
Tue Jul 3 01:52:35 EDT 2001


That gets into rather more intense user managment scenarios than I really
want to deal with get into dealing with.  I'm not really sure how to
deal with granting a user the ability to munge any aspect of a set of users' 
accounts with zero access to another set of users without a MAJOR redesign
of the ACL system. :/

        -j


On Tue, Jul 03, 2001 at 03:48:54PM +1000, Teo de Hesselle wrote:
> Jesse wrote:
> > 
> > Well, you can grant createuser to both managers and then only grant
> > "AdminACL" to each manager for his respective queue. that should do
> > about what you want.
> 
> Yes, this should work well. Since there's only 'AdminUsers', I've just
> handed over control of the entire RT database by doing this - there is now
> nothing stopping manager-A from hijacking manager-B or root's account by
> simply changing the password.
> 
> Fortunately the managers are neither brave nor 31337 enough to try it.
> 
> Perhaps a future version would at least stop them from manipulating any
> "Super-User" accounts? Or even allow account manipulation in the same
> group only?
> 
> 
> 
> -- 
> Téo de Hesselle,                 | Diplomacy is about surviving until
> Unix Systems Administrator       | the next century.  Politics is 
>                                  | about surviving until Friday 
> University of Technology, Sydney | afternoon.        -- Yes, Minister
> 

-- 
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com 
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

...realized that the entire structure of the net could be changed to be made 
more efficient, elegant, and spontaneously make more money for everyone 
involved. It's a marvelously simple diagram, but this form doesn't have a way 
for me to draw it.  It'll wait. 				-Adam Hirsch




More information about the rt-users mailing list