Project

General

Profile

Actions

Bug #9622

closed

Changing admins membership does not replicate correctly to HA slave

Added by Brian Candler about 5 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
XMLRPC
Target version:
Start date:
07/09/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

To reproduce, on a pfSense 2.4.4-3 HA cluster

  • On the master: create a user which is not a member of the "admins" group
    - it is created on both master and slave with /sbin/nologin as the shell in /etc/passwd, and *LOCKED* in /etc/master.passwd
  • On the master: move the user into the "admins" group and save
    - on the master, the account works as expected
    - however on the slave, the shell remains as /sbin/nologin and *LOCKED* remains in /etc/master.passwd
    - as a result, the user cannot get a shell login on the slave

WORKAROUND: Delete and recreate the user with the admins group membership. But beware: this leaves the /home/USER/.ssh directory on the slave owned by the old UID, so you need to manually chown it to the new UID.

Actions #1

Updated by Jim Pingle about 5 years ago

  • Category set to User Manager / Privileges
Actions #2

Updated by Jim Pingle about 5 years ago

Probably related to #9539

Actions #3

Updated by Viktor Gurov over 4 years ago

Updated PR with added checkbox to on/off feature:
https://github.com/pfsense/pfsense/pull/4221

Actions #4

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0
Actions #5

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #6

Updated by Viktor Gurov over 4 years ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.0.a.20200426.2333

Actions #7

Updated by Jim Pingle almost 4 years ago

  • Category changed from User Manager / Privileges to XMLRPC
Actions

Also available in: Atom PDF