The user with number 1 is no longer automatically an Aide.

Plugs that little security hole that an attacker would need to be very
quick to exploit.
NB. If the system Aide is not correct in the config the Aide may loose
priviledges and will need to run setup to get them back.

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index a7504f0e418a0de7d82cb30dcda26172a2a40177..b9f0c400ea7747259420a03534784319204c4b3d 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -1063,11 +1063,6 @@ int create_user(char *newusername, int become_user)
        /* fetch a new user number */
        usbuf.usernum = get_new_user_number();
 
-       /* The very first user created on the system will always be an Aide */
-       if (usbuf.usernum == 1L) {
-               usbuf.axlevel = 6;
-       }
-
        /* add user to the database */
        putuser(&usbuf);
        cdb_store(CDB_USERSBYNUMBER, &usbuf.usernum, sizeof(long), usbuf.fullname, strlen(usbuf.fullname)+1);