[Tarantool-patches] [PATCH 2/2] access: forbid to drop admin's universe access

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Sat Nov 2 00:42:25 MSK 2019


Bootstrap and recovery work on behalf of admin. Without the
universe access they are not able to even fill system spaces with
data.

It is better to forbid this ability before someone makes their
cluster unrecoverable.
---
 src/box/user.cc          | 6 ++++++
 test/box/access.result   | 8 ++++++++
 test/box/access.test.lua | 6 ++++++
 3 files changed, 20 insertions(+)

diff --git a/src/box/user.cc b/src/box/user.cc
index cdddf237b..6b4a5565e 100644
--- a/src/box/user.cc
+++ b/src/box/user.cc
@@ -764,6 +764,12 @@ priv_grant(struct user *grantee, struct priv_def *priv)
 	struct access *object = access_find(priv->object_type, priv->object_id);
 	if (object == NULL)
 		return 0;
+	if (grantee->auth_token == ADMIN && priv->object_type == SC_UNIVERSE &&
+	    priv->access != USER_ACCESS_FULL) {
+		diag_set(ClientError, ER_GRANT,
+			 "can't revoke universe from the admin user");
+		return -1;
+	}
 	struct access *access = &object[grantee->auth_token];
 	access->granted = priv->access;
 	if (rebuild_effective_grants(grantee) != 0)
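Review bot: the guard keys on `grantee->auth_token == ADMIN`, but ADMIN names the admin user's id, so the check relies on the admin's auth token happening to equal that id; comparing the user id directly (for example `grantee->def->uid == ADMIN`, assuming `def->uid` is the user id field used elsewhere in user.cc) would state the intent without that coupling. Note also that priv_grant() is the common path for grants and revokes, and the condition rejects any access value other than USER_ACCESS_FULL, so a grant that narrows admin's universe access hits the same branch; the message "can't revoke universe from the admin user" under the ER_GRANT prefix "Incorrect grant arguments" reads oddly for that case. A one-line comment above the `if` saying that bootstrap and recovery run as admin and need full universe access would help the next reader.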
diff --git a/test/box/access.result b/test/box/access.result
index dc339038d..01126a94b 100644
--- a/test/box/access.result
+++ b/test/box/access.result
@@ -2099,3 +2099,11 @@ box.schema.user.drop("user2")
 box.schema.user.drop("user3")
 ---
 ...
+--
+-- Check that admin user privileges can't be removed. Otherwise an
+-- instance could not bootstrap nor recovery.
+--
+box.space._priv:delete{1, 'universe', 0}
+---
+- error: 'Incorrect grant arguments: can''t revoke universe from the admin user'
+...
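Review bot: the expected output only records the error; it does not show that the privilege tuple survived the rejected delete. Following the delete with `box.space._priv:get{1, 'universe', 0}` would make the preserved state explicit in the .result file. Minor: the comment "could not bootstrap nor recovery" should read "could not bootstrap or recover".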
diff --git a/test/box/access.test.lua b/test/box/access.test.lua
index a9843d155..759827721 100644
--- a/test/box/access.test.lua
+++ b/test/box/access.test.lua
@@ -800,3 +800,9 @@ box.space._user:select{}
 box.schema.user.drop("user1")
 box.schema.user.drop("user2")
 box.schema.user.drop("user3")
+
+--
+-- Check that admin user privileges can't be removed. Otherwise an
+-- instance could not bootstrap nor recovery.
+--
+box.space._priv:delete{1, 'universe', 0}
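Review bot: only the raw `_priv:delete` path is exercised, while the C check also rejects any non-FULL access value for admin on universe. A second case through the public API, such as `box.schema.user.revoke('admin', 'read', 'universe')`, would cover the partial-revoke branch and confirm the behaviour does not depend on bypassing box.schema. Asserting afterwards that admin can still access a system space (for example a `box.space._priv:select{}`) would tie the test back to the bootstrap/recovery rationale in the commit message.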
-- 
2.21.0 (Apple Git-122.2)



More information about the Tarantool-patches mailing list