[
https://issues.apache.org/jira/browse/COUCHDB-1374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13180303#comment-13180303
]
Marcos Zanona commented on COUCHDB-1374:
----------------------------------------
It seems that deleting a server admin from the _users database doesn't mean
delete that server admin, for that it's needed to check the ini file and delete
it from there.
Perhaps in the future Futon could provide an interface for deleting those users
without having to access the .ini file, but I believe I can't mark this as a
bug since it is the way it is supposed to work.
> Server Admin never gets deleted
> -------------------------------
>
> Key: COUCHDB-1374
> URL: https://issues.apache.org/jira/browse/COUCHDB-1374
> Project: CouchDB
> Issue Type: Bug
> Components: Futon, Infrastructure
> Affects Versions: 1.1.1
> Reporter: Marcos Zanona
> Labels: admin, login, security, validation
> Fix For: 1.2, 1.3, 1.1.2
>
>
> It seems that when creating a Server Admin and then deleting that same user
> with another admin makes the first user stay active, resulting in a no
> deletion and doesn't block the access to the old admin access.
> It becomes marked as {"error":"not_found","reason":"deleted"} but still
> having access to the whole system as an admin.
> Also, Futon let's you create another simple user with the same name as the
> deleted server admin without any problem, resulting on a password change for
> the old server admin, but that user will stay as a server admin even if that
> wasn't the original intention.
> * I have experienced this creating these users through Futon by using the
> "Setup more admins" popup
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
