Bugzilla – Bug 1216080
cockpit-ws: /etc/cockpit/disallowed-users is ignored
Last modified: 2024-04-19 13:43:58 UTC
This affects all cockpit versions, not just TW. The default configuration we show in /etc/cockpit/disallowed-users, # List of users which are not allowed to login to Cockpit root but this list is ignored and root can login. What is missing this in /etc/pam.d/cockpit auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed followed by rest of the file. So we should either not ship this file, or setup pam accordingly.
Fix submitted to Factory and SLEM 6.0
This is an autogenerated message for OBS integration: This bug (1216080) was mentioned in https://build.opensuse.org/request/show/1154719 Factory / cockpit
This is an autogenerated message for OBS integration: This bug (1216080) was mentioned in https://build.opensuse.org/request/show/1154833 Factory / cockpit
This has documentation impact. At least the SLE Micro 5.5 docs explicitly mention the root option. Also, we need to test thoroughly whether elevating privileges after logging in with a non-root account actually works as expected. I've seen issues on 5.5 with the update module not working.
(In reply to Joachim Werner from comment #7) > This has documentation impact. At least the SLE Micro 5.5 docs explicitly > mention the root option. Already spoke to Jana about the docs (for 6, there's no change for 5.5), they are on top of it. > Also, we need to test thoroughly whether elevating privileges after logging > in with a non-root account actually works as expected. I've seen issues on > 5.5 with the update module not working. Can you please reference these issues?
Not fixed in aarch64 6.0 RC. Opening a new bug for that.