Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configurable auto admin access when using the WindowsUserService #650

Closed
gitblit opened this issue Aug 12, 2015 · 4 comments
Closed

Configurable auto admin access when using the WindowsUserService #650

gitblit opened this issue Aug 12, 2015 · 4 comments

Comments

@gitblit
Copy link
Collaborator

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 354

Currently, the WindowsUserService will automatically add all users from the BUILTIN\Administrators
group as repository admins. However, this is a potential security threat as the domain
admins and other local admin groups will automatically get complete control over the
repository.

It would be very nice if this default behavior can be disabled at config time, for
example, using an option in the gitblit.properties. 

This will require a minor change in com.gitblit.auth.WindowsAuthProvider (line 162)
to implement.


Reported by ventsi84 on 2013-12-19 14:05:01

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Hmm...  doesn't having admin access to the server trump admin access to the webapp?

Reported by James.Moger on 2014-02-21 16:37:52

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Well, in general yes but it also requires proactive modifications to the webapp on the
server which are easier to track. 
However, by implicitly giving adm access to the repositories to all local admins (including
domain admins), anyone with such access can simply login to the web ui and do everything.
In the best case, such an event will be logged to gitblit logs which may not be actively
monitored... 

Reported by ventsi84 on 2014-02-21 17:29:29

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

New setting has been merged to master.

Reported by James.Moger on 2014-02-21 20:41:14

  • Status changed: Queued
  • Labels added: Milestone-1.4.0, Ticket-12

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

1.4.0 released.

Reported by James.Moger on 2014-03-09 18:06:21

  • Status changed: Done

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix modified the milestone: 1.4.0 Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants