Dangerous permission to ungroped new users

Discussion in 'General' started by gdavid, Oct 12, 2010.

  1. gdavid

    gdavid New Member

    I found something strange adding new users in MyDNSConfig, but maybe I'm wrong.

    Created a new user, giving him "user" privileges; assigned default group other than "admin"; NOT checked ANY of the Groups below the "Default Group" pull-up menu.
    This user can access ALL the zones of the db !!!
    Is it a normal beaviour?

    Thanks to anybody can help me in understanding or fix this.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can not create any users manually, users have to be created by adding a client. If you add a users or groups manually instead of adding a client, then the system priveliges for this user are broken as the client record which holds the limits for the user is missing.
  3. gdavid

    gdavid New Member

    mmm ... I'not sure I well understud. You mean the admin can't create group or users via the system tab? So, this area and their commands what are intended for?
    I my short experience with MyDNS Config, this tools to manage users and groups work wery well, excep for the fact i mentioned in my first post: Default group assignment doesn't assign the group too.
    Simply, If I remember to assign both (default group AND group) everything seems to work fine.
    Now I will carefully check what you wrote about limits, and see if could be a problem. In my whishes is not to create a group without client, but many users belonging to the same group (=client?)
    This is not a requirments, of course. I can work without System Tab. But if it is there ... I'll try to do the best with it :)
    Many thanks for you reply. Helped so much in avoid future db problems.

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    They are only there to create other administrators and not users as adminstrators have no limits.

    Thats indeed the case as this is the permission system of ispconfig. The problem with creating a group manually is that you break the link to the client record which holds the actual limits. If you take a look in the sys_group database table, you can find there a field client_id which is 0 when you have created this group manually. If the system is not able to find the client for a given group when records are created, then the creation of dns records and zones may fail.

    The group functions have also been removed in the meantime from the code, so the next mydnsconfig release will not have that area anymore to avoid such problems.
  5. gdavid

    gdavid New Member

    Much more clear now. Thanks. I'll definitely stop using groups and users.
    Thank you so much for your great work.

Share This Page