Ticket #1048 (new defect)

Opened 3 years ago

Last modified 2 years ago

sssd should have a mode to only return Usernames for My UID and My Groups.

Reported by: dpal Owned by: somebody
Priority: major Milestone: SSSD Deferred
Component: SSSD Version:
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: Coverity Bug:
Patch Submitted: Red Hat Bugzilla: 726408
Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

https://bugzilla.redhat.com/show_bug.cgi?id=726408

Description of problem:

As we move to multi-tenant environments we might want to start preventing full
read access to the /etc/passwd machine, or the ability to dump all users in the
passwd database.

I would like to be able to use SELinux to lock down access to the /etc/passwd
file, so users could not cat the file.  And even prevent most apps on the
machine from reading the file.  Then have sssd become the arbiter of who gets
translations.

I would suggest that we add a flag the the sssd configuration that would say,
translate only the names that the requesting UID is a member of.

Meaning that dwalsh could translate the UID of dwalsh, and all users in the
Engineering group.  But other UID, would not resolve.

If I am user "Coke" and I execute getpwnam("Pepsi"), I would want this to
return no such user.  If I saw a process on the machine that was running as uid
1234 and I was not 1234 and 1234 was not in any of mygroups I would want sssd
to not translate the UID.

The biggest use case for this I would see is multitenant environments where an
admin does not want users on the system to know anything about the other users
on the system.  (OpenShift Express) for example.  But also large terminal
servers would like to run in this mode.

Change History

comment:1 Changed 2 years ago by mkosek

  • Red Hat Bugzilla set to [https://bugzilla.redhat.com/show_bug.cgi?id=726408 726408]
Note: See TracTickets for help on using tickets.