Bug #7375
closedUser with restricted privileges can still delete all monitoring/graphing data
100%
Description
I attempted to create a "graph-viewing-only" user account that I could hand out to non-admin users so that they could check WAN gateway quality without allowing them the ability to change or break any configs. In testing this, I discovered that all functions that wrote changes to disk were successfully blocked for this user account, except that it could permanently delete all graphing data even though it had the "Deny Config Write" permission set.
Seen on the latest beta: 2.4.0.b.20170309.1553
Steps to reproduce:- As an admin, create a new user account "readonlymonitor", set a password, and save the new account
- Edit the new account, and under "Effective Privileges", add the following two privileges:
- User - Config: Deny Config Write
- WebCfg - Status: Monitoring
- Save the account settings, and logout of the pfSense web UI
- Login as the "readonlymonitor" user
- You should automatically arrive at the Status -> Monitoring page, since it's your only privilege
- For the purposes of testing, verify that at least some graphing data already exists and is being displayed properly
- Click on the Settings wrench icon
- Click the Display Advanced button
- Click the red Reset Data button and approve the confirmation pop-up
- Note that the refreshed graph now has no data points
Logging out and logging back in as admin, one can confirm that the deletion was indeed permanent and not an artifact because the graphs will still have zero data points even when viewed as admin.
If a user account is assigned the "User - Config: Deny Config Write" privilege, I think it is reasonable to assume that they should be prevented from deleting large amounts of data such as the RRD graphs, even if this data may not be part of the config database in the strictest sense.
Updated by Jared Dillard about 7 years ago
- Status changed from New to Assigned
- Assignee set to Jared Dillard
Updated by Viktor Gurov over 3 years ago
Updated by Jim Pingle over 3 years ago
- Status changed from Assigned to Pull Request Review
Updated by Renato Botelho over 3 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Alhusein Zawi over 3 years ago
I followed the steps
at Step 9 I received "Insufficient privileges to make the requested change (read only)." and Graph/data has not been deleted.
Fixed.
Updated by Alhusein Zawi over 3 years ago
- Status changed from Feedback to Resolved