From 150f3677d652bf0468211463d076246d997d9629 Mon Sep 17 00:00:00 2001
From: Anis Elleuch <vadmeste@users.noreply.github.com>
Date: Thu, 15 Apr 2021 16:43:44 +0100
Subject: [PATCH] svc: Disallow creating services accounts by root (#12062)

---
 cmd/admin-handlers-users.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go
index e7537a70f..47b04b7ad 100644
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -491,6 +491,12 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
 	}
 
 	// Disallow creating service accounts by root user.
+	if owner {
+		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminAccountNotEligible), r.URL)
+		return
+	}
+
+	// Disallow creating service accounts for root user.
 	if createReq.TargetUser == globalActiveCred.AccessKey {
 		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminAccountNotEligible), r.URL)
 		return