[SOLVED] GUI User and Group edit rights blocked for 'root'

Started by Northguy, December 04, 2018, 06:26:57 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 04, 2018, 06:26:57 PM Last Edit: December 08, 2018, 11:12:31 AM by franco
All,

Help needed.

Somehow I messed something up with the user access rights on the GUI access system which now effectively blocks any new changes that I try to make. Root user does not have access rights anymore.



What I tried to do: remove unused menu entries by deselecting them in the 'admin' group. Don't know what I did exactly to cause this issue. My mouse got stuck somehow and I made a wrong move by selecting something. In my impression I did nothing wrong, but how do I now resolve this issue?

Please find attached GUI settings of 'root user.

December 06, 2018, 04:19:56 PM #1
Does anyone have a clue where in the background these settings are stored, so that I can change them back though SSH?
December 07, 2018, 07:40:44 AM #2
Sorry for the late reply, edit /conf/config.xml to remove the following line:

"<priv>user-config-readonly</priv>"

It is not suitable for the admins group.


Cheers,
Franco
December 07, 2018, 09:57:31 AM #3
Hey Franco,

Thanks! That did the trick... I still wonder what I did wrong to cause this situation...

Thanks,

Patrick
December 07, 2018, 02:23:15 PM #4
Hi Patrick,

Glad that helped.

Hmm, I guess you wanted to add *all* privileges to admins, which pulled in the deny config write privilege as well by design.... not the greatest design to be fair.

The update to or over 18.7.7 added this due to a security issue:

https://github.com/opnsense/changelog/blob/a2119f5cfcb92bd08a7af50575543662cb71212a/doc/18.7/18.7.7#L27

So that's when this started behaving abnormally.

We're not happy with deny config write so we are looking for better solutions in the long term.


Cheers,
Franco
December 08, 2018, 01:00:14 AM #5
Thanks for the clarification!
Print
Go Up Pages1
User actions