[ https://issues.apache.org/jira/browse/GUACAMOLE-1957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17856852#comment-17856852 ]
Nick Couchman commented on GUACAMOLE-1957:
------------------------------------------

{quote}
To be honest, this approach to permissions is kind of strange and not intuitive - when a user has his admin rights removed he should not be able to do any admin-related tasks, regardless of the fact that he created, or not, some of the resources.
{quote}

This actually is fairly common in permissions systems. I can think of a couple of examples:

* In POSIX permissions, the user who creates a file is the owner of that file, and can generally do anything they want with that file regardless of what their system-level permission status is - that is, they don't have to be root, or use sudo, or have any additional capabilities in order to impact that file. And this isn't just read/write/delete, this is things like extended attributes, and POSIX ACLs, and the like, on systems that support those features.
* In NTFS ACLs, files/folders that get created are assigned an owner, and you can assign that owner some set of default rights on those objects - and the default default rights are Full Control - meaning you can do anything you want with the file or folder that you own.
* Many databases also function this way - in a PostgreSQL database, if I grant rights to a user to be able to create schemas or tables, that user will own those schemas and tables that they create, and, even if I revoke the ability of that user to create more schemas or tables, they will still be the owner of those objects and have complete control over them, unless I change ownership and revoke permissions to those specific items.

Just a few examples to point out that Guacamole isn't all that unique in how it approaches those permissions. Now, Guacamole doesn't specify the actual owner of any objects, just grants ADMINISTER permissions to the user who created the object, so there isn't any ownership to change or remove, just other permissions that should probably be revoked, or, at the very least, manageable.
> Permissions system behaving unexpectedly
> ----------------------------------------
>
> Key: GUACAMOLE-1957
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1957
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 1.5.5
> Environment: Guacamole and guacd installed using official docker images.
> Reporter: Adam
> Priority: Minor
>
> If a user has any administrative permissions assigned to him, either directly or inherited from a group, and created anything using these permissions (user, group, connection, etc.), he can perform administrative actions on these items even after administrative permissions are detached from him directly or by removing him from the group from which these permissions were inherited.
> This effectively makes the user a lifelong administrator of items he created, even after this user does not have these permissions anymore.
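The behaviour discussed in the thread (creator receives per-object ADMINISTER, system-level rights are revoked, per-object ADMINISTER survives) and the cleanup Nick Couchman alludes to (revoking those leftover permissions) can be shown with a small in-memory model. This is an added example written for this page, not Guacamole code or its actual data model: `PermissionStore`, `demo`, the `helpdesk` group, the user `adam` and the object id `conn-1` are all constructed here, and the choice of "holds object-level ADMINISTER but no system-level permission at all" as the audit criterion is this example's assumption, not anything the issue or the project specifies.

```python
"""Toy model of a creator-gets-ADMINISTER permission scheme (example only).

System-level permissions (CREATE_*, ADMINISTER) are held directly by a user or
inherited from a group. Creating an object grants the creator per-object
permissions on it, and that grant is independent of the system permission that
authorised the creation, which is the situation reported in GUACAMOLE-1957.
"""
from dataclasses import dataclass, field

OBJECT_ADMIN = "ADMINISTER"   # per-object permission name (assumed)
SYSTEM_ADMIN = "ADMINISTER"   # system-level permission name (assumed)


@dataclass
class PermissionStore:
    user_system: dict = field(default_factory=dict)    # user  -> set of system permissions
    group_system: dict = field(default_factory=dict)   # group -> set of system permissions
    group_members: dict = field(default_factory=dict)  # group -> set of member users
    object_perms: dict = field(default_factory=dict)   # object id -> {user: set of permissions}

    def effective_system(self, user):
        """Direct system permissions plus those inherited through group membership."""
        perms = set(self.user_system.get(user, set()))
        for group, users in self.group_members.items():
            if user in users:
                perms |= self.group_system.get(group, set())
        return perms

    def create_object(self, user, obj_id, kind):
        """Create an object; requires CREATE_<kind> or system ADMINISTER."""
        sys_perms = self.effective_system(user)
        if "CREATE_" + kind not in sys_perms and SYSTEM_ADMIN not in sys_perms:
            raise PermissionError(f"{user} may not create a {kind}")
        # The creator is granted per-object permissions, including ADMINISTER.
        # Nothing links this grant to the system permission checked above.
        self.object_perms[obj_id] = {user: {"READ", "UPDATE", "DELETE", OBJECT_ADMIN}}

    def can_administer(self, user, obj_id):
        """System-level ADMINISTER or per-object ADMINISTER both suffice."""
        if SYSTEM_ADMIN in self.effective_system(user):
            return True
        return OBJECT_ADMIN in self.object_perms.get(obj_id, {}).get(user, set())

    def stale_object_admins(self):
        """(user, object) pairs where the user still holds per-object ADMINISTER
        but no longer holds any system-level permission (assumed audit rule)."""
        stale = []
        for obj_id, grants in self.object_perms.items():
            for user, perms in grants.items():
                if OBJECT_ADMIN in perms and not self.effective_system(user):
                    stale.append((user, obj_id))
        return sorted(stale)

    def revoke_stale_object_admins(self):
        """Drop the per-object ADMINISTER found by the audit; returns what was revoked."""
        revoked = self.stale_object_admins()
        for user, obj_id in revoked:
            self.object_perms[obj_id][user].discard(OBJECT_ADMIN)
        return revoked


def demo():
    """Walk through the reported scenario; returns the four observations."""
    store = PermissionStore()
    # Constructed sample data: a helpdesk group that may create connections.
    store.group_system["helpdesk"] = {"CREATE_CONNECTION"}
    store.group_members["helpdesk"] = {"adam"}

    store.create_object("adam", "conn-1", "CONNECTION")
    while_member = store.can_administer("adam", "conn-1")        # True, as intended

    store.group_members["helpdesk"].discard("adam")              # inherited rights removed
    after_removal = store.can_administer("adam", "conn-1")       # still True: the report

    stale = store.stale_object_admins()                          # [("adam", "conn-1")]
    store.revoke_stale_object_admins()
    after_cleanup = store.can_administer("adam", "conn-1")       # False
    return while_member, after_removal, stale, after_cleanup


if __name__ == "__main__":
    print(demo())
```

The audit rule is deliberately narrow: it only flags per-object ADMINISTER, since READ or UPDATE on a specific object is a normal thing to grant a non-admin. It would still flag an ADMINISTER grant that an administrator handed out on purpose, so in a real deployment the list is something to review, not something to revoke blindly.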