Bug #5152

Assigning a group with SSH privileges to a user does not properly enable SSH when the account is created

Added by Jim Pingle about 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: User Manager / Privileges
Target version:
Start date: 09/16/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:

Description

Assigning a group with SSH privileges to a user does not properly enable SSH when the account is created.

When adding a user to a group with SSH permissions, such as the admin group, on the first Save to create the account the passwd entry shows LOCKED and it has the nologin shell. Save the user again and the password and shell are OK.

History

#1 Updated by Jim Pingle about 4 years ago

Tested on 2.2.4 and 2.3, problem exists on both.

#2 Updated by Jim Pingle about 4 years ago

Seems to be caused by 5372d26d9d25d751d16865ed9d46869d3b0ec5e1 -- chicken-and-egg problem with users and groups.

#3 Updated by Phillip Davis about 4 years ago

I guess that after local_user_set_groups() it should then do something from local_user_set() again to make whatever installation steps are needed for rights/functions that the user is entitled to due to the groups they are now in.

#4 Updated by Phillip Davis about 4 years ago

Oh - I see you did the other way around - call local_user_set_groups() twice. That should work also.
Note that is commit https://github.com/pfsense/pfsense/commit/900ce3b0eeb9bec8797bea83372952e043e8d2fc
Somehow that did not auto-log itself here in Redmine.

#6 Updated by Jim Pingle about 4 years ago

  • Status changed from New to Resolved

Yeah it was easier to fix the way I did it. I know we've had some back-and-forth with how to order those operations in the past so I made sure to put some extra descriptive comments there so someone doesn't accidentally take one out thinking it's an error in the future. (Well, until some day in the future when all that code gets rewritten and it no longer matters... :-)

Thanks for the extra eyes on this.
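
A check for the symptom in the description, as an added example (not pfSense code and not part of the original report): it audits a copy of a FreeBSD-style master.passwd for accounts that are expected to have SSH access but are still locked or still have a nologin shell. The sample lines, account names and expected-user set are constructed; the `*LOCKED*` prefix is the marker pw(8) puts on a locked account's password field.

```python
# Added example: audit master.passwd text for accounts that should have SSH
# access but still show the locked password / nologin shell from this report.
LOCK_PREFIX = "*LOCKED*"  # prefix pw(8) prepends to a locked password field
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample in master.passwd(5) layout:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
SAMPLE = """\
root:$2b$10$constructedhash:0:0::0:0:Charlie &:/root:/bin/sh
alice:*LOCKED*$2b$10$constructedhash:2000:65534::0:0:Alice:/home/alice:/sbin/nologin
bob:$2b$10$constructedhash:2001:65534::0:0:Bob:/home/bob:/bin/tcsh
carol:*LOCKED*$2b$10$constructedhash:2002:65534::0:0:Carol:/home/carol:/sbin/nologin
"""

def parse_master_passwd(text):
    """Return {name: {"locked": bool, "shell": str}} for well-formed lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:  # skip malformed entries instead of guessing
            continue
        accounts[fields[0]] = {
            "locked": fields[1].startswith(LOCK_PREFIX),
            "shell": fields[9],
        }
    return accounts

def audit_ssh_users(text, expected_ssh_users):
    """Map each expected SSH user to the list of problems found (if any)."""
    accounts = parse_master_passwd(text)
    findings = {}
    for name in sorted(expected_ssh_users):
        acct = accounts.get(name)
        if acct is None:
            findings[name] = ["missing from passwd"]
            continue
        problems = []
        if acct["locked"]:
            problems.append("password locked")
        if acct["shell"] in NOLOGIN_SHELLS:
            problems.append("nologin shell")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for user, problems in audit_ssh_users(SAMPLE, {"alice", "bob", "dave"}).items():
        print(f"{user}: {', '.join(problems)}")
```

Accounts outside the expected set (carol in the sample) are not reported, since a locked password and nologin shell are the normal state for users without SSH privileges.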
