AutoConfigBackup - user-config-readonly priv still does backup
A user with the priv user-config-readonly cannot change the config. This is handled correctly in write_config().
But AutoConfigBackup still makes a backup each time that read-only user presses Save somewhere. Thus a read-only webGUI user can quickly generate loads of backups when they are moving around looking and learning. That can mean interesting backup history is lost from the normal 100 backups that are retained on the server.
It would be nice if AutoConfigBackup also checked for user-config-readonly priv before making the backup.
#3 Updated by Kill Bill over 2 years ago
Well I think this bug is gone since this commit (which disabled the unwanted duplicated backups as well) - https://github.com/pfsense/FreeBSD-ports/commit/7ea386661b17ba3b666237900c5b22790b581f64