svc: Disallow creating services accounts by root (#12062)

2025-11-10 14:09:48 -05:00 · 2021-04-15 16:43:44 +01:00
parent 291d2793ca
commit 150f3677d6
1 changed files with 6 additions and 0 deletions
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -491,6 +491,12 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
 	}

 	// Disallow creating service accounts by root user.
+	if owner {
+		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminAccountNotEligible), r.URL)
+		return
+	}
+
+	// Disallow creating service accounts for root user.
 	if createReq.TargetUser == globalActiveCred.AccessKey {
 		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminAccountNotEligible), r.URL)
 		return