User creation is not logged correctly
1. Creating a non-admin user via WebGUI does not show in log.
2. Creating a new user in admin group shows in log as an error and instead of username nextuserid is shown.
/system_usermanager.php: The command '/usr/sbin/pw groupmod -l 'admins' -g '1999' -M '0,2020' 2>&1' returned exit code '67', the output was 'pw: user `2020' does not exist'
See also PCI DSS requirement 10.2.5
Updated by Jim Pingle over 5 years ago
- Tracker changed from Bug to Feature
#1 Adding logging is a feature request, not a bug.
#2 is not a logging issue, it's a bug and it needs its own ticket.
It's not easily possible to separate logging of create/edit/delete for admin users since any group can have "admin" privileges not just the admins group, and in terms of firewall privileges it's vague on which are or are not considered "admin" privileges.
We can at least add consistent logging for various user/group operations.