From b022936491333097b2d806e86d26010f13bb39a3 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 26 Mar 2018 15:16:44 -0400
Subject: [PATCH] Remove security risk of forceroot

Any user can specificy 'forceroot'.  Remove this and rely
upon the other method to properly use the 'trusted' role.
---
 xCAT-server/lib/xcat/plugins/xdsh.pm | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/xCAT-server/lib/xcat/plugins/xdsh.pm b/xCAT-server/lib/xcat/plugins/xdsh.pm
index 2a2c98fd5..3378e512a 100644
--- a/xCAT-server/lib/xcat/plugins/xdsh.pm
+++ b/xCAT-server/lib/xcat/plugins/xdsh.pm
@@ -639,7 +639,6 @@ sub process_servicenodes_xdcp
         $addreq->{'_xcatdest'} = $::mnname;
         $addreq->{node}        = \@sn;
         $addreq->{noderange}   = \@sn;
-        $addreq->{forceroot}->[0]   = 1;
 
         # check input request for --nodestatus
         my $args = $req->{arg};    # argument
@@ -1216,9 +1215,6 @@ sub process_request
             $ENV{DSH_FROM_USERID} = $request->{username}->[0];
         }
     }
-    if ($request->{forceroot}) {
-        $ENV{DSH_FROM_USERID} = 'root';
-    }
     if ($command eq "xdsh")
     {
         xdsh($nodes, $args, $callback, $command, $request->{noderange}->[0]);