[#673] NSS tables can become inconsistent



Detailed description

There are various inconsistencies when working with the nss* tables (such as nssusergroups):

  • system/pgsql.class.php: -- sysCreateGroup (used by syncunixgroup.php) creates the group but pays no attention to RBAC, only to project memberships -- sysGroupCheckUser takes RBAC into account (scm write access from project role / linked role / global role)

  • users.unixstatus (which is referenced in the nsspasswd view): -- /admin/useredit.php does set unixstatus to 'N' if the user isn't member of groups anymore -- /project/admin/users.php doesn't, so if you remove a user from his last project from there, he'll keep unixstatus='A' even if he's project-orphan.

We need to make all updates to nss_* consistent.

General Information
Submitted by:
Sylvain Beucler
Date Submitted: 2014-05-13 17:30
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Permalink: https://fusionforge.org/tracker/a_follow.php/673
Internal Fields
Data Type: Bugs
Assigned to: Nobody (None)
State: Open
Priority: 3
Extra Fields
Target Release:
Found in Version:
Follow-up tabs
Message  ↓
Date: 2014-05-26 10:30
Sender: Sylvain Beucler

And see also [#660] for rebuilding nss_usergroups.

Date: 2014-05-14 08:52
Sender: Sylvain Beucler

See also [#666] . https://fusionforge.org/tracker/?func=detail&atid=105&aid=666&group_id=6

No attached documents

No related commits.

Field Old Value Date By
Found in VersionNone2014-05-13 17:30
Sylvain Beucler

No relations found.