  1. Red Hat Fuse
  2. ENTESB-9226

Viewer role in Fabric can execute profile-export and profile-import

    • Steps to Reproduce:
      1. Unzip Fuse 6.2.1 R9

      2. Create Fabric:

      fabric:create --clean --zookeeper-password admin --wait-for-provisioning

      3. Create user in viewer group executing:

      jaas:manage --index 1
      jaas:userdel emunoz
      jaas:update
      jaas:manage --index 1
      jaas:useradd emunoz emunoz
      jaas:update
      jaas:manage --index 1
      jaas:groupcreate visualizer
      jaas:grouproleadd visualizer viewer
      jaas:groupadd emunoz visualizer
      jaas:update

      4. Login with new user:

      bin/client -u emunoz -p emunoz

      5. Try to execute any profile-import or profile-export command:

      fabric:profile-import --help


      Description

      Viewer role can execute profile-export and profile-import commands, so a user with that role can edit any profile externally and then import it again.

      A workaround was executing:

      >config:edit org.apache.karaf.command.acl.fabric
      >config:propappend -p org.apache.karaf.command.acl.fabric profile-export Deployer,Auditor,Administrator,SuperUser,admin
      >config:propappend -p org.apache.karaf.command.acl.fabric profile-import Deployer,Auditor,Administrator,SuperUser,admin
      >config:update

      or:

      >fabric:profile-edit --pid org.apache.karaf.command.acl.fabric/profile-export=Deployer,Auditor,Administrator,SuperUser,admin acls
      >fabric:profile-edit --pid org.apache.karaf.command.acl.fabric/profile-import=Deployer,Auditor,Administrator,SuperUser,admin acls
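
One way to check that the workaround took effect is to audit the contents of the org.apache.karaf.command.acl.fabric PID for the two commands (an added example, not code from the issue or from Fuse). It assumes that a command with no key in the PID is not role-restricted, which is the behaviour reported here; the sample PID contents and the function names are constructed for illustration.

```python
# Role list the issue's workaround assigns to both commands.
WORKAROUND_ROLES = "Deployer,Auditor,Administrator,SuperUser,admin"
COMMANDS = ["profile-export", "profile-import"]

# Constructed samples: PID contents before and after the workaround.
BEFORE = "# constructed sample: no entry for either command\n"
AFTER = (BEFORE
         + f"profile-export = {WORKAROUND_ROLES}\n"
         + f"profile-import = {WORKAROUND_ROLES}\n")


def parse_acl(text):
    """Map command name -> set of roles from 'command = role,role' lines."""
    acl = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        # Assumption: a key with a '[...]' argument qualifier restricts only
        # some invocations, so it does not count as covering the command.
        if not sep or "[" in key:
            continue
        acl[key] = {r.strip() for r in value.split(",") if r.strip()}
    return acl


def audit(acl_text, commands, roles):
    """Classify each command for a user holding the given roles."""
    acl = parse_acl(acl_text)
    result = {}
    for cmd in commands:
        if cmd not in acl:
            result[cmd] = "unrestricted"   # no ACL entry at all
        elif acl[cmd] & set(roles):
            result[cmd] = "allowed"        # role is listed explicitly
        else:
            result[cmd] = "denied"
    return result


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, COMMANDS, ["viewer"]))
```

Any command reported as "unrestricted" for the viewer role still needs an ACL entry.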

              • Assignee:
                grgrzybek Grzegorz Grzybek
                Reporter:
                emunoz Elkin Munoz