• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5419: TWikiAdminGroup has got member TWikiAdminGroup

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal Closed   patch 4.2.1

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

See TWikiGroups.

Currently it shows: TWikiGroupsSnap1.png

-- TWiki:Main/MichaelDaum - 06 Mar 2008

(Never mind the red background color on TWikiContributor.)

-- TWiki:Main.MichaelDaum - 06 Mar 2008

I am not sure if there is a connection and if it has been fixed: TWiki has/had a user called TWikiAdminGroup, which is highly confusing. Above entry could be caused by this (unless spec was changed.)

-- TWiki:Main.PeterThoeny - 06 Mar 2008

See the TWikiAdminGroup. It is empty and there's no passwd related to an admin account called TWikiAdminGroup, at least not on my installs. I think this is a plain programming error, not sever at all.

-- TWiki:Main.MichaelDaum - 06 Mar 2008

I actually also remember someone - probably on IRC - talking about the fact that TWikiAdminGroup was both a group and a user. And that this "user" was only used internally in TWiki. Ie. did not exist as a user that can log in. It is confusing. In fact I find the whole admin process confusing and the sudo login has not made things easier (I originally argued for a different approach but at the end agreed to accept it as a compromize and has to accept that this is what we decided). But this TWikiAdminGroup which in come cases is seen as a user should be totally hidden to the users so I agree that it is a bug that it is listed in the TWikiGroups. It should be filtered out.

-- TWiki:Main.KennethLavrsen - 06 Mar 2008

The TWkiAdminGroup user is (was?) used to update statistics etc. It is better to rename it to something more intuitive, such as TWikiDaemon, TWikiBot or the like. As such I find it useful to list that user in the TWikiAdminGroup and to ship a TWikiDaemon topic that explains what this user is about.

-- TWiki:Main.PeterThoeny - 07 Mar 2008

There is, and always has been, an internal Admin user, who's name is set in the configuration file - see {AdminUserWikiName}

That this user has been hidden from you in prior versions, due to the nature of the being able to have a user with the same name as a group, is a security issue, that thankfully is now resolved.

to put it in simple terms, TWikiAdminGroup has got member TWikiAdminGroup is correct, and there is no bug. If you want to change that user's name, goto configure, and change it. (same as in 4.1, 4.0, 3.0...)

-- TWiki:Main.SvenDowideit - 13 Mar 2008

What was the security issue you mentioned, Sven?
Is there a pending security issue in 4.1.2?
Do we need to ship a security patch release for it?
Why is there no TWikiAdmin user?

-- TWiki:Main.MichaelDaum - 13 Mar 2008

Using the same name for user and group is common in Unix. For usability in the wiki I think we should do this for the distribution:

  • Keep group name TWikiAdminGroup as is
  • Rename user name TWikiAdminGroup to TWikiDaemon (topic name and {AdminUserWikiName} setting)

-- TWiki:Main.PeterThoeny - 13 Mar 2008

Why not make TWikiAdmin a real user account that is member of the TWikiAdminGroup and that people can use to login?

-- TWiki:Main.MichaelDaum - 13 Mar 2008

To rearrange the sentence - "That this user has been hidden from you in prior versions is a security issue, whereby we hide the fact that creating a user with that name is magically admin.". From what I recal, This won't happen through normal registration, because the Group topic gets in the way - but they rename it and do not create a topic they might have trouble.

Personally I consider the internal user a real user account, but there is nothing stopping you from creating a real user account. Point is that we can't ship with one reliably.

-- TWiki:Main.SvenDowideit - 13 Mar 2008

Hence a TWikiDaemon user, renamed from the confusing TWikiAdminGroup user.

-- TWiki:Main.PeterThoeny - 04 Jun 2008

I just checked the 4.2.1 code and the TWikiAdminGroup (user) is NOT shown as a member of TWikiAdminGroup any longer.

It seems this problem is already resolved. The member is now TWikiAdminUser.

I am closing this bug.

-- TWiki:Main.KennethLavrsen - 05 Jun 2008

ItemTemplate
Summary TWikiAdminGroup has got member TWikiAdminGroup
ReportedBy TWiki:Main.MichaelDaum
Codebase

SVN Range TWiki-5.0.0, Wed, 23 Jan 2008, build 16283
AppliesTo Engine
Component

Priority Normal
CurrentState Closed
WaitingFor

Checkins

TargetRelease patch
ReleasedIn 4.2.1
Topic attachments
I Attachment History Action Size Date Who Comment
PNGpng TWikiGroupsSnap1.png r1 manage 13.4 K 2008-03-06 - 09:57 UnknownUser  
Edit | Attach | Watch | Print version | History: r12 < r11 < r10 < r9 < r8 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r12 - 2008-06-05 - KennethLavrsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback