Feature #3151
error 403 for the USER panel of Nethgui
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | - | |||
Target version: | ~FUTURE | |||
Resolution: | REJECTED | NEEDINFO: | No |
Description
I tried to connect a fresh user to the user panel of nethgui and i have had an 403 error with some log noise.
the url is : https://192.168.12.195:980/en/User
and the output is :
Nethgui:
403 - Forbidden
1327681977+1327499272
now I found some logs
FYI i have just created the user 'toto' set a password and tried to connect
[root@nethserver-dev ~]# db accounts show toto toto=user City= Company= Department= FirstName=toto LastName=de labrusse PhoneNumber= Street= Uid=5000 __state=active
now log
/var/log/secure Apr 8 15:39:23 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/db accounts setprop toto FirstName toto LastName de labrusse Company Department Street City PhoneNumber Apr 8 15:39:23 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/signal-event user-create toto Apr 8 15:39:28 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration Apr 8 15:39:59 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration Apr 8 15:39:59 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/validate password-strength Users Helene1975!soph,14 Apr 8 15:40:00 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/signal-event password-modify toto /tmp/ng-wLnD1g Apr 8 15:40:00 nethserver-dev passwd: pam_unix(passwd:chauthtok): user "toto" does not exist in /etc/passwd Apr 8 15:40:00 nethserver-dev passwd: pam_unix(passwd:chauthtok): user "toto" does not exist in /etc/passwd Apr 8 15:40:15 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/pam-authenticate-pw Apr 8 15:40:15 nethserver-dev unix_chkpwd[3087]: password check failed for user (toto) Apr 8 15:40:15 nethserver-dev perl: pam_unix(system-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=toto Apr 8 15:40:16 nethserver-dev sudo: srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration /var/log/message Apr 8 15:39:23 nethserver-dev esmith::event[3040]: Event: user-create toto Apr 8 15:39:23 nethserver-dev esmith::event[3040]: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130. Apr 8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/configuration: OLD MinUid=5000 Apr 8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/configuration: NEW MinUid=5001 Apr 8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street| Apr 8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000 Apr 8 15:39:24 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000 Apr 8 15:39:24 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|new Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S04user-create-unix SUCCESS [0.889787] Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130. Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S20nethserver-directory-organization-modify SUCCESS [0.138785] Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S25count-active-user-accounts SUCCESS [0.064452] Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S25nethserver-directory-user-modify SUCCESS [0.23281] Apr 8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S40nethserver-directory-password-policy SUCCESS [0.159251] Apr 8 15:39:25 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S85user-group-modify SUCCESS [0.119673] Apr 8 15:39:25 nethserver-dev esmith::event[3040]: Event: user-create SUCCESS Apr 8 15:39:59 nethserver-dev httpd-admin: [NOTICE] NethServer\Tool\ChangePassword: root is changing password to SomeoneElse (toto). Members of the adm group have no restriction (score = 1.00) Apr 8 15:40:00 nethserver-dev esmith::event[3070]: Event: password-modify toto /tmp/ng-wLnD1g Apr 8 15:40:00 nethserver-dev esmith::event[3070]: Changing password for user toto. Apr 8 15:40:00 nethserver-dev esmith::event[3070]: passwd: all authentication tokens updated successfully. Apr 8 15:40:00 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.514675] Apr 8 15:40:01 nethserver-dev /sbin/e-smith/db[3076]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|new Apr 8 15:40:01 nethserver-dev /sbin/e-smith/db[3076]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|active Apr 8 15:40:01 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S40user-activate SUCCESS [0.060966] Apr 8 15:40:01 nethserver-dev /etc/e-smith/events/password-modify/S80count-active-user-accounts[3077]: /var/lib/nethserver/db/configuration: OLD ActiveAccounts=0 Apr 8 15:40:01 nethserver-dev /etc/e-smith/events/password-modify/S80count-active-user-accounts[3077]: /var/lib/nethserver/db/configuration: NEW ActiveAccounts=1 Apr 8 15:40:01 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S80count-active-user-accounts SUCCESS [0.05882] Apr 8 15:40:02 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [1.001873] Apr 8 15:40:02 nethserver-dev esmith::event[3070]: Event: password-modify SUCCESS Apr 8 15:40:04 nethserver-dev httpd-admin: [NOTICE] Nethgui\Module\Logout: user root logged out Apr 8 15:40:16 nethserver-dev httpd-admin: [NOTICE] Nethgui\Authorization\User: user `toto` authenticated Apr 8 15:40:16 nethserver-dev httpd-admin: [ERROR] Nethgui\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\Module\User:User` action `QUERY` May 7 09:02:05 nethserver-dev ntpd[1068]: 0.0.0.0 c612 02 freq_set kernel 2715137066.615 PPM May 7 09:02:05 nethserver-dev ntpd[1068]: 0.0.0.0 c61c 0c clock_step +2481635.278886 s May 7 09:02:06 nethserver-dev ntpd[1068]: 0.0.0.0 c618 08 no_sys_peer /var/log/httpd-admin/error_log [Wed Apr 08 15:34:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327492764] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `Anonymous` resource `NethServer\\Module\\Dashboard` action `INSTANTIATE`, referer: https://192.168.12.190:980/en/Dashboard [Wed Apr 08 15:34:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327492764] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `Anonymous` resource `NethServer\\Module\\AdminTodo` action `INSTANTIATE`, referer: https://192.168.12.190:980/en/Dashboard [Wed Apr 08 15:36:11 2015] [error] [client 192.168.12.25] File does not exist: /usr/share/nethesis/nethserver-manager/images/favicon.ico [Wed Apr 08 15:36:11 2015] [error] [client 192.168.12.25] File does not exist: /usr/share/nethesis/nethserver-manager/images/favicon.ico [Wed Apr 08 15:40:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\\Module\\User:User` action `QUERY`, referer: https://192.168.12.195:980/en/User
History
#1 Updated by stephane de Labrusse about 6 years ago
#2 Updated by stephane de Labrusse about 6 years ago
Well I have just tested with firefox and chrome and I understand the issue
since I have just created or leaved the menu en/User when I disconnect the root user, the url is still written in the browser and when I reconnect the user 'toto' (who is not allowed to use this menu) I have the 403 error.
Maybe when you disconnect the user root or any other users, the url should be rewritten to the root url https://IP:980
#3 Updated by stephane de Labrusse about 6 years ago
Apr 8 15:39:24 nethserver-dev esmith::event3040: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130.
Still here :)
#4 Updated by Giacomo Sanchietti about 6 years ago
- Target version set to ~FUTURE
#5 Updated by Giacomo Sanchietti almost 5 years ago
- Status changed from NEW to CLOSED
- % Done changed from 0 to 100
- Resolution set to REJECTED
This feature will not be implemented in NS 6. If needed, please reopen it for NS 7.