From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> To: tarantool-patches@dev.tarantool.org, kostja.osipov@gmail.com Subject: [Tarantool-patches] [PATCH 2/2] access: forbid to drop admin's universe access Date: Fri, 1 Nov 2019 22:42:25 +0100 [thread overview] Message-ID: <a4e7ec1f743fa7901c34a48a12ffcfd312bfb796.1572644348.git.v.shpilevoy@tarantool.org> (raw) In-Reply-To: <cover.1572644348.git.v.shpilevoy@tarantool.org> Bootstrap and recovery work on behalf of admin. Without the universe access they are not able to even fill system spaces with data. It is better to forbid this ability until someone made their cluster unrecoverable. --- src/box/user.cc | 6 ++++++ test/box/access.result | 8 ++++++++ test/box/access.test.lua | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/src/box/user.cc b/src/box/user.cc index cdddf237b..6b4a5565e 100644 --- a/src/box/user.cc +++ b/src/box/user.cc @@ -764,6 +764,12 @@ priv_grant(struct user *grantee, struct priv_def *priv) struct access *object = access_find(priv->object_type, priv->object_id); if (object == NULL) return 0; + if (grantee->auth_token == ADMIN && priv->object_type == SC_UNIVERSE && + priv->access != USER_ACCESS_FULL) { + diag_set(ClientError, ER_GRANT, + "can't revoke universe from the admin user"); + return -1; + } struct access *access = &object[grantee->auth_token]; access->granted = priv->access; if (rebuild_effective_grants(grantee) != 0) diff --git a/test/box/access.result b/test/box/access.result index dc339038d..01126a94b 100644 --- a/test/box/access.result +++ b/test/box/access.result @@ -2099,3 +2099,11 @@ box.schema.user.drop("user2") box.schema.user.drop("user3") --- ... +-- +-- Check that admin user privileges can't be removed. Otherwise an +-- instance could not bootstrap nor recovery. +-- +box.space._priv:delete{1, 'universe', 0} +--- +- error: 'Incorrect grant arguments: can''t revoke universe from the admin user' +... 
diff --git a/test/box/access.test.lua b/test/box/access.test.lua index a9843d155..759827721 100644 --- a/test/box/access.test.lua +++ b/test/box/access.test.lua @@ -800,3 +800,9 @@ box.space._user:select{} box.schema.user.drop("user1") box.schema.user.drop("user2") box.schema.user.drop("user3") + +-- +-- Check that admin user privileges can't be removed. Otherwise an +-- instance could not bootstrap nor recovery. +-- +box.space._priv:delete{1, 'universe', 0} -- 2.21.0 (Apple Git-122.2)
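Review bot: in the src/box/user.cc hunk, the new guard in priv_grant() fires for any admin universe privilege where `priv->access != USER_ACCESS_FULL`, so it also rejects an update that only narrows the mask, yet the message reads "can't revoke universe from the admin user". Either reword the message to cover both cases (for example, that admin must keep full universe access) or split the two conditions. The guard also sits after the `if (object == NULL) return 0;` early return, so it is skipped whenever access_find() yields NULL; moving it above the lookup makes the restriction independent of that result. A one-line comment above the check saying that bootstrap and recovery run as admin would keep the rationale from the commit message next to the code.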
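Review bot: the case added to test/box/access.test.lua and test/box/access.result covers only `box.space._priv:delete{1, 'universe', 0}`, while the guard it tests rejects every admin universe privilege other than USER_ACCESS_FULL. Add a case that replaces the same tuple with a reduced access mask and expects the same error, plus one showing that writing the full universe privilege for admin still succeeds, so the test pins both sides of the condition. The comment text "could not bootstrap nor recovery" should read "could neither bootstrap nor recover".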
Thread overview: 7+ messages
2019-11-01 21:42 [Tarantool-patches] [PATCH 0/2] Admin " Vladislav Shpilevoy
2019-11-01 21:42 ` [Tarantool-patches] [PATCH 1/2] replication: don't drop admin super privileges Vladislav Shpilevoy
2019-11-05 12:40 ` Vladislav Shpilevoy
2019-11-05 18:20 ` Konstantin Osipov
2019-11-01 21:42 ` Vladislav Shpilevoy [this message]
2019-11-05 18:21 ` [Tarantool-patches] [PATCH 2/2] access: forbid to drop admin's universe access Konstantin Osipov
2019-11-12 9:37 ` [Tarantool-patches] [PATCH 0/2] Admin " Kirill Yukhin