Bug #7883
closed
Aliases can only be deleted by some users
Added by Felix Wolfsteller about 7 years ago.
Updated about 7 years ago.
Description
We have following setup:
- pfsense 2.3.4-RELEASE-p1
- one default admin user
- one user with all privileges assigned and admin group membership
When using the Diagnostics DNS lookup an firewall alias is created (why?), however only the "admin" admin user can delete these aliases.
So, new insights (and the bug in that form can be closed):
- alias generation was not automatic but user triggered
- the user in question was member of a second group
- although ALL priviledges were assigned manually (and inherited by the admin group), apparently the more restrictive permissions of the second group seem to have interfered with the effective privileges (although this was not reflected in the GUI).
- A similar issue arose when editing dhcp pools. The GUI presented a success-message, although the values were not changed.
I believe a follow-up issue would be advisable.
- Status changed from New to Not a Bug
Most likely they had the 'deny config write' privilege which will do exactly this, and it's expected. On 2.4 it will log an error in that case.
Also available in: Atom
PDF