At 01:26 PM 8/24/2000 -0700, Mark Lakata wrote:
we've noted that ANYONE that knows the name of the p4 superuser has
superuser permission. I.E.,
p4 -u superdood protect
will allow anybody to change protections on anything (assuming "superdood"
is the superuser). We actually use this in our scripts so anyone can
view the current list of protections, i.e. $stat = `p4 -u superdood
protect -o`. Hopefully none of the users look at the script...
Yup. One of the things I emphasize in training courses is that
you don't have to use passwords on Perforce accounts.
But that it's probably a good idea to use them for the
Perforce administrator account.
-Jeff Bowles
ps. The "other" thing I say, in the same breath, is that
the first person to run "p4 protect" is recorded as the
administrator in its "default" set of permissions. So if it's
a new installation, run "p4 protect" to set YOURSELF as
the admin, before pointing your users to your server.
3 messages in com.perforce.perforce-user[p4] permissions, labels
