Menu
▾
▴
#4875 More issues with acls in Password Change Module
In bug #4844 the acl file for the Password Change Module was corrected to list groups
used in mode=5 (allow edit users belonging to group) in the "groups" variable.
It had previously been listed in the "users" vaiable. This seems to be reasonable,
However, the code that is used to determine who is a member of that group is still using
the "users" variable, thus failing to find any users to edit.
In passwd/passwd-lib.pl
elsif ($access{'mode'} == 5) {
# Member of some group (except for exclusion list)
return 0 if (&indexof($_[0]->[0],
split(/\s+/, $access{'notusers'})) >= 0);
local $g = getgrgid($_[0]->[3]);
return 1 if (&indexof($g, split(/\s+/, $access{'users'})) >= 0);
if ($access{'sec'}) {
local $gname;
foreach $gname (split(/\s+/, $access{'users'})) {
local @g = getgrnam($gname);
return 1 if (&indexof($_[0]->[0],
split(/\s+/, $g[3])) >= 0);
}
}
return 0;
}
And in passwd/index.cgi
elsif ($access{'mode'} == 5) {
%notusers = map { $_, 1 } split(/\s+/, $access{'notusers'});
foreach $g (split(/\s+/, $access{'users'})) {
@g = getgrnam($g);
$gcan{$g[2]}++;
if ($access{'sec'}) {
foreach $m (split(/\s+/, $g[3])) {
$insec{$m}++;
}
}
}
}
Perhaps there are more places, I am not familiar with the webmin code organization.
-Thomas
Thanks -this will be fixed in the next release.