Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] GUI User and Group edit rights blocked for 'root'
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] GUI User and Group edit rights blocked for 'root' (Read 4300 times)
Northguy
Full Member
Posts: 118
Karma: 11
[SOLVED] GUI User and Group edit rights blocked for 'root'
«
on:
December 04, 2018, 06:26:57 pm »
All,
Help needed.
Somehow I messed something up with the user access rights on the GUI access system which now effectively blocks any new changes that I try to make. Root user does not have access rights anymore.
What I tried to do: remove unused menu entries by deselecting them in the 'admin' group. Don't know what I did exactly to cause this issue. My mouse got stuck somehow and I made a wrong move by selecting something. In my impression I did nothing wrong, but how do I now resolve this issue?
Please find attached GUI settings of 'root user.
«
Last Edit: December 08, 2018, 11:12:31 am by franco
»
Logged
Northguy
Full Member
Posts: 118
Karma: 11
Re: GUI system:access:User and system:access:group edit rights blocked for 'root'
«
Reply #1 on:
December 06, 2018, 04:19:56 pm »
Does anyone have a clue where in the background these settings are stored, so that I can change them back though SSH?
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: GUI system:access:User and system:access:group edit rights blocked for 'root'
«
Reply #2 on:
December 07, 2018, 07:40:44 am »
Sorry for the late reply, edit /conf/config.xml to remove the following line:
"<priv>user-config-readonly</priv>"
It is not suitable for the admins group.
Cheers,
Franco
Logged
Northguy
Full Member
Posts: 118
Karma: 11
Re: GUI system:access:User and system:access:group edit rights blocked for 'root'
«
Reply #3 on:
December 07, 2018, 09:57:31 am »
Hey Franco,
Thanks! That did the trick... I still wonder what I did wrong to cause this situation...
Thanks,
Patrick
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: GUI system:access:User and system:access:group edit rights blocked for 'root'
«
Reply #4 on:
December 07, 2018, 02:23:15 pm »
Hi Patrick,
Glad that helped.
Hmm, I guess you wanted to add *all* privileges to admins, which pulled in the deny config write privilege as well by design.... not the greatest design to be fair.
The update to or over 18.7.7 added this due to a security issue:
https://github.com/opnsense/changelog/blob/a2119f5cfcb92bd08a7af50575543662cb71212a/doc/18.7/18.7.7#L27
So that's when this started behaving abnormally.
We're not happy with deny config write so we are looking for better solutions in the long term.
Cheers,
Franco
Logged
Northguy
Full Member
Posts: 118
Karma: 11
Re: GUI system:access:User and system:access:group edit rights blocked for 'root'
«
Reply #5 on:
December 08, 2018, 01:00:14 am »
Thanks for the clarification!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] GUI User and Group edit rights blocked for 'root'