Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-9226

Viewer role in Fabric can execute profile-export and profile-import

    XMLWordPrintable

Details

    • % %
    • Hide

      1. Unzip Fuse 6.2.1 R9

      2. Create Fabric:

      fabric:create --clean --zookeeper-password admin --wait-for-provisioning

      3. Create user in viewer group executing:

      jaas:manage --index 1
      jaas:userdel emunoz
      jaas:update
      jaas:manage --index 1
      jaas:useradd emunoz emunoz
      jaas:update
      jaas:manage --index 1
      jaas:groupcreate visualizer
      jaas:grouproleadd visualizer viewer
      jaas:groupadd emunoz visualizer
      jaas:update

      4. Login with new user:

      bin/client -u emunoz -p emunoz

      5. Try to execute any profile-import or profile-export command:

      fabric:profile-import --help

      Show
      1. Unzip Fuse 6.2.1 R9 2. Create Fabric: fabric:create --clean --zookeeper-password admin --wait-for-provisioning 3. Create user in viewer group executing: jaas:manage --index 1 jaas:userdel emunoz jaas:update jaas:manage --index 1 jaas:useradd emunoz emunoz jaas:update jaas:manage --index 1 jaas:groupcreate visualizer jaas:grouproleadd visualizer viewer jaas:groupadd emunoz visualizer jaas:update 4. Login with new user: bin/client -u emunoz -p emunoz 5. Try to execute any profile-import or profile-export command: fabric:profile-import --help

    Description

      Viewer role can execute profile-export and profile-import commands, so an user with that role can edit externally any profile and then import it again.

      A workaround was executing:

      >config:edit org.apache.karaf.command.acl.fabric
      >config:propappend -p org.apache.karaf.command.acl.fabric profile-export Deployer,Auditor,Administrator,SuperUser,admin
      >config:propappend -p org.apache.karaf.command.acl.fabric profile-import Deployer,Auditor,Administrator,SuperUser,admin
      >config:update

      or:

      >fabric:profile-edit --pid org.apache.karaf.command.acl.fabric/profile-export=Deployer,Auditor,Administrator,SuperUser,admin acls
      >fabric:profile-edit --pid org.apache.karaf.command.acl.fabric/profile-import=Deployer,Auditor,Administrator,SuperUser,admin acls

      Attachments

        Activity

          People

            ggrzybek Grzegorz Grzybek
            emunoz@redhat.com Elkin Dario Munoz Duarte
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: