Topic: 'read-only' access allows reordering rules (Read 2015 times)
GaardenZwerch
Full Member
Posts: 104
Karma: 2
'read-only' access allows reordering rules « on: August 12, 2022, 01:47:25 pm »
Hi All,
I have tried to set up a 'read-only' access to the web GUI, with the intention of allowing a given user to look at the config, but not mess with it.
I find that if I give a user access to the gui pages 'without edit' for rules and NAT, he can still reorder the rules.
He can't edit Aliases or rules, but he can still select a rule, and move it around with the <- icon.
Is this expected/known/wanted?
Thanks a lot in advance,
Frank
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: 'read-only' access allows reordering rules « Reply #1 on: August 12, 2022, 01:58:43 pm »
Can they save/apply?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: 'read-only' access allows reordering rules « Reply #2 on: August 12, 2022, 02:07:22 pm »
At first glance moving rules also requires write_config() which fails for read-only users. I don't want to say it's not possible as that could always be the case with hidden bugs, but it needs precise steps to reproduce (and possibly responsible disclosure).
Cheers,
Franco