Bug #5152
closed
Assigning a group with SSH privileges to a user does not properly enable SSH when the account is created
0%
Description
Assigning a group with SSH privileges to a user does not properly enable SSH when the account is created.
When adding a user to a group with SSH permissions, such as the admin group, on the first Save to create the account the passwd entry shows LOCKED and it has the nologin shell. Save the user again and the password and shell are OK.
Updated by Jim Pingle about 9 years ago
Tested on 2.2.4 and 2.3, problem exists on both.
Updated by Jim Pingle about 9 years ago
Seems to be caused by 5372d26d9d25d751d16865ed9d46869d3b0ec5e1 -- chicken-and-egg problem with users and groups.
Updated by Phillip Davis about 9 years ago
I guess that after local_user_set_groups() it should then do something from local_user_set() again to make whatever installation steps are needed for rights/functions that the user is entitled to due to the groups they are now in.
Updated by Phillip Davis about 9 years ago
Oh - I see you did the other way around - call local_user_set_groups() twice. That should work also.
Note that is commit https://github.com/pfsense/pfsense/commit/900ce3b0eeb9bec8797bea83372952e043e8d2fc
Somehow that did not auto-log itself here in Redmine.
Updated by Phillip Davis about 9 years ago
Commit for RELENG_2_2 is https://github.com/pfsense/pfsense/commit/2c42910ad782aeea24991e697716398c498794cf
Updated by Jim Pingle about 9 years ago
- Status changed from New to Resolved
Yeah it was easier to fix the way I did it. I know we've had some back-and-forth with how to order those operations in the past so I made sure to put some extra descriptive comments there so someone doesn't accidentally take one out thinking it's an error in the future. (Well, until some day in the future when all that code gets rewritten and it no longer matters... :-)
Thanks for the extra eyes on this.