Project

General

Profile

Bug #9622

Changing admins membership does not replicate correctly to HA slave

Added by Brian Candler almost 2 years ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Category:
XMLRPC
Target version:
Start date:
07/09/2019
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:
Release Notes:
Default

Description

To reproduce, on a pfSense 2.4.4-3 HA cluster

  • On the master: create a user which is not a member of the "admins" group
    - it is created on both master and slave with /sbin/nologin as the shell in /etc/passwd, and *LOCKED* in /etc/master.passwd
  • On the master: move the user into the "admins" group and save
    - on the master, the account works as expected
    - however on the slave, the shell remains as /sbin/nologin and *LOCKED* remains in /etc/master.passwd
    - as a result, the user cannot get a shell login on the slave

WORKAROUND: Delete and recreate the user with the admins group membership. But beware: this leaves the /home/USER/.ssh directory on the slave owned by the old UID, so you need to manually chown it to the new UID.

Associated revisions

Revision f9ed5d57 (diff)
Added by James Webb about 1 year ago

Synchronize admin accounts. Issue #9622

History

#1 Updated by Jim Pingle over 1 year ago

  • Category set to User Manager / Privileges

#2 Updated by Jim Pingle over 1 year ago

Probably related to #9539

#3 Updated by Viktor Gurov about 1 year ago

Updated PR with added checkbox to on/off feature:
https://github.com/pfsense/pfsense/pull/4221

#4 Updated by Jim Pingle about 1 year ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0

#5 Updated by Renato Botelho about 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#6 Updated by Viktor Gurov 12 months ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.0.a.20200426.2333

#7 Updated by Jim Pingle 5 months ago

  • Category changed from User Manager / Privileges to XMLRPC

Also available in: Atom PDF