https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162018-10-19T08:50:07ZpfSense bugtrackerpfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390152018-10-19T08:50:07ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Consider the "all" group when determining privileges. Fixes #9051" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/fe1afbb7549907e0d1cdfbf85d5f36d075a6a916">fe1afbb7549907e0d1cdfbf85d5f36d075a6a916</a>.</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390292018-10-20T08:55:12ZRonald Schellberg
<ul></ul><p>Jim Pingle wrote:</p>
<blockquote>
<p>All users are a member of the "All Users" group (actual group name internally: <code>all</code>).</p>
<p>Privileges can be added to this group, but they are not being honored. For example, with the "WebCfg - System: User Password Manager" privilege on the All Users group, a user with no other privileges cannot reach the page.</p>
</blockquote>
<p>This change set has created another issue for me. I had created a second admin logon in the user manager GUI and disabled the default "admin" user for increased security.</p>
<p>When I attempted to log on with second admin user, I get the "no page assigned to this user! Click here to logout." error response. Since the default admin user had been disabled, recovery required I had to resort to the "Option 3 - reset webConfigurator password" console option to gain GUI access again.</p>
<p>For some reason the GUI does not recognize my second admin user to be part of the admins group. The group page shows a member count of 2 in the admins group and my second admin user is listed in the members list.</p>
<p>When I review the "all" group, it has no assigned privileges, triggering the "no page assigned" response I assume. I could add privileges to "all" group, but that would defeat the purpose of the admins group.</p>
<p>For now I have reverted to using the default "admin" user name</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390302018-10-20T09:16:23ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>In Progress</i></li></ul><p>That should not have been caused by this but I'll test it some more.</p>
<p>This should have only <em>added</em> privileges to the list a user has, not removed any access.</p>
<p>Do you mind sharing your user/group sections of config.xml so I can replicate it here? (remove the passwords and any other identifying info)</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390312018-10-20T10:15:19ZRonald Schellberg
<ul><li><strong>File</strong> <a href="/attachments/2636">config-Gateway.System-20181020085724.xml</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/2636/config-Gateway.System-20181020085724.xml">config-Gateway.System-20181020085724.xml</a> added</li></ul><p>Should be easy to replicate, I just added a new user to admins group.</p>
<p>In the attached config I had added "page-dashboard-all" privilege to the "all" group to avoid the "no page assigned" error.</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390482018-10-22T22:51:51ZMichael Kellogggrandrivers@gmail.com
<ul></ul><p>I just upgraded and got no page assigned</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390492018-10-22T23:48:38ZMichael Kellogggrandrivers@gmail.com
<ul></ul><p>removed the 'all' from both files and got access again, also admin is disabled using different user as admin</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=390552018-10-23T13:25:09ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul><p>Applied in changeset <a class="changeset" title="Fix processing of the 'all' group. Fixes #9051 All the 'all' group to the list of groups at the ..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/4de15854384e28004b0dc571dc8a40fda7eae694">4de15854384e28004b0dc571dc8a40fda7eae694</a>.</p> pfSense - Bug #9051: Privileges on 'all' group are not being honoredhttps://redmine.pfsense.org/issues/9051?journal_id=392842018-11-16T19:08:40ZPaighton Bisconer
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Tested on 2.4.5.a.20181116.1325</p>
<p>New user with no privileges receives "No page assigned to user"</p>
<p>After adding "WebCfg - All Pages" to the All group and logging in again with the same user, pages are accessible.</p>
<p>Marking resolved.</p>