Ticket #1048 (new defect)
sssd should have a mode to only return Usernames for My UID and My Groups.
|Reported by:||dpal||Owned by:||somebody|
|Coverity Bug:||Patch Submitted:|
|Red Hat Bugzilla:||726408||Design link:|
|Design review:||Fedora test page:|
|Chosen:||Candidate to push out:|
Description of problem: As we move to multi-tenant environments we might want to start preventing full read access to the /etc/passwd machine, or the ability to dump all users in the passwd database. I would like to be able to use SELinux to lock down access to the /etc/passwd file, so users could not cat the file. And even prevent most apps on the machine from reading the file. Then have sssd become the arbiter of who gets translations. I would suggest that we add a flag the the sssd configuration that would say, translate only the names that the requesting UID is a member of. Meaning that dwalsh could translate the UID of dwalsh, and all users in the Engineering group. But other UID, would not resolve. If I am user "Coke" and I execute getpwnam("Pepsi"), I would want this to return no such user. If I saw a process on the machine that was running as uid 1234 and I was not 1234 and 1234 was not in any of mygroups I would want sssd to not translate the UID. The biggest use case for this I would see is multitenant environments where an admin does not want users on the system to know anything about the other users on the system. (OpenShift Express) for example. But also large terminal servers would like to run in this mode.
Note: See TracTickets for help on using tickets.