Project

General

Profile

Bug #4034

AutoConfigBackup - user-config-readonly priv still does backup

Added by Phillip Davis over 4 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
AutoConfigBackup
Target version:
-
Start date:
11/22/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

A user with the priv user-config-readonly cannot change the config. This is handled correctly in write_config().
But AutoConfigBackup still makes a backup each time that read-only user presses Save somewhere. Thus a read-only webGUI user can quickly generate loads of backups when they are moving around looking and learning. That can mean interesting backup history is lost from the normal 100 backups that are retained on the server.
It would be nice if AutoConfigBackup also checked for user-config-readonly priv before making the backup.

History

#1 Updated by Chris Buechler over 4 years ago

  • Category set to AutoConfigBackup
  • Status changed from New to Confirmed

We'll fix this as part of ACB enhancements immediately post-2.2.

#2 Updated by Jim Thompson over 2 years ago

  • Assignee set to Steve Beaver

#3 Updated by Kill Bill over 2 years ago

Well I think this bug is gone since this commit (which disabled the unwanted duplicated backups as well) - https://github.com/pfsense/FreeBSD-ports/commit/7ea386661b17ba3b666237900c5b22790b581f64

#4 Updated by Jim Pingle over 2 years ago

  • Status changed from Confirmed to Resolved

Confirmed as fixed. A user with the Deny Config Write privilege won't trigger a new ACB entry on save.

Also available in: Atom PDF