Project

General

Profile

Actions

Bug #9259

closed

User with "Deny Config Write" privilege is not fully prevented from creating accounts

Added by Stefan Beckers over 5 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
User Manager / Privileges
Target version:
Start date:
01/07/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.4_1
Affected Architecture:
All

Description

I do log into the web GUI as a user "myuser" with admin group membership (other than the builtin admin/root). I used to be able to add a user to the system.

Now the creation of a new user fails and

  • the console gives me hostname php-fpm[12038]: Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'myuser@192.168.1.1 (Local Database)'.
  • The user is invisible in the GUI
  • The user was created in /etc/passwd and the rest of the system

I have not altered the "admin" group and "myuser" is member in the admin group. We do have other groups with restrictions, which do not apply to the user "myuser", used above.

Interestingly the next try on the GUI fails, stating in the GUI "That username is reserved by the system." Reason: the new user was created on system level but stays invisible in the web GUI.

How to resolve this:
  • Clean up the system from your last try
    • rmuser
  • log in as buildtin "admin" user on web GUI
  • create user as usual

Files

diff_usermanager.txt (1.08 KB) diff_usermanager.txt Martin VENÇON, 05/07/2020 04:29 AM
Actions

Also available in: Atom PDF