Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
read only user
« previous
next »
Print
Pages: [
1
]
Author
Topic: read only user (Read 4354 times)
naltalef
Newbie
Posts: 38
Karma: 2
read only user
«
on:
March 13, 2019, 07:36:14 pm »
Hi.
I'm trying to configure a read-only group.
In the group privileges I selected:
All Pages
System: Deny config write.
It works fine, but there are some exceptions like:
Firewall Alias that can be modified
Services like snmp, ftpproxy and monit also can be modified (I did not try all but Network Time remains readonly for example).
I would like to know which is the correct way to assign readonly permissions for a group or user.
Many thanks
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: read only user
«
Reply #1 on:
March 14, 2019, 05:57:23 am »
The difference is probably legacy/API as this is a feature of the old pages.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: read only user
«
Reply #2 on:
March 14, 2019, 10:35:52 am »
There's a fix here
https://github.com/opnsense/core/commit/3af02197b884
but we're not going to add any urgency to this as we said this previously:
https://github.com/opnsense/changelog/blob/a2119f5cfcb92bd08a7af50575543662cb71212a/doc/18.7/18.7.7#L13-L18
The "privilege" to take away privilege is deeply flawed from the get go and we'll just be continuing to patch this up again and again if it is not replaced by a better solution which could happen in 19.7, but we're not 100% sure as of yet.
Cheers,
Franco
Logged
naltalef
Newbie
Posts: 38
Karma: 2
Re: read only user
«
Reply #3 on:
March 14, 2019, 03:05:38 pm »
Hi Franco/Fabian.
Thanks for the reply.
I understand perfectly what are you saying and I can survive without this.
It will be safer for us create a test machine where the user can learn and become familiar with the interface.
Regards
Norberto
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
read only user