Project

General

Profile

Bug #40704

Do not grant extra privileges to users when a Directory Service is enabled

Added by John Hixson 10 months ago. Updated 9 months ago.

Status:
Done
Priority:
No priority
Assignee:
John Hixson
Category:
OS
Target version:
Seen in:
Severity:
Med High
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Customer system was hanging on boot because we were trying to grant "SeTakeOwnershipPrivilege", "SeBackupPrivilege", "SeRestorePrivilege" to all of the ldap users in the environment.

We should have an extra check for the server role so that we don't do this in environments where directory services are enabled. If they are required, perhaps we should grant them to a foreign group rather than every ldap user.


Related issues

Copied from FreeNAS - Bug #28406: Do not grant extra privileges to users when a Directory Service is enabledDone

Associated revisions

Revision db8aecad (diff)
Added by Andrew Madrid 10 months ago

do not grant extra privileges to users

These are inappropriate from a security perspective in an AD / LDAP environment, and they can negatively impact boot times.

(cherry picked from commit ee5064581cd5696fa2adb3fe035e305d22c1921b)

(11.1-stable)
Ticket: #40704

History

#1 Updated by John Hixson 10 months ago

  • Copied from Bug #28406: Do not grant extra privileges to users when a Directory Service is enabled added

#2 Updated by John Hixson 10 months ago

#3 Updated by Dru Lavigne 10 months ago

  • Status changed from Unscreened to In Progress
  • Needs QA changed from No to Yes
  • Needs Merging changed from No to Yes

#4 Updated by Dru Lavigne 10 months ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

#5 Updated by Bonnie Follweiler 9 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Passed testing in FreeNAS 11.1-U6 Internal6

#6 Updated by Dru Lavigne 9 months ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF