[SOLVED] GUI User and Group edit rights blocked for 'root'

[Northguy]

All,

Help needed.

Somehow I messed something up with the user access rights on the GUI access system which now effectively blocks any new changes that I try to make. Root user does not have access rights anymore.



What I tried to do: remove unused menu entries by deselecting them in the 'admin' group. Don't know what I did exactly to cause this issue. My mouse got stuck somehow and I made a wrong move by selecting something. In my impression I did nothing wrong, but how do I now resolve this issue?

Please find attached GUI settings of 'root user.

[Northguy]

Does anyone have a clue where in the background these settings are stored, so that I can change them back though SSH?

[franco]

Sorry for the late reply, edit /conf/config.xml to remove the following line:

"<priv>user-config-readonly</priv>"

It is not suitable for the admins group.


Cheers,
Franco

[Northguy]

Hey Franco,

Thanks! That did the trick... I still wonder what I did wrong to cause this situation...

Thanks,

Patrick

[franco]

Hi Patrick,

Glad that helped.

Hmm, I guess you wanted to add *all* privileges to admins, which pulled in the deny config write privilege as well by design.... not the greatest design to be fair.

The update to or over 18.7.7 added this due to a security issue:

https://github.com/opnsense/changelog/blob/a2119f5cfcb92bd08a7af50575543662cb71212a/doc/18.7/18.7.7#L27

So that's when this started behaving abnormally.

We're not happy with deny config write so we are looking for better solutions in the long term.


Cheers,
Franco

[Northguy]

Thanks for the clarification!