[racktables-users] Revisiting permissions and the 'debug' flag.

  • From: Michael Tiernan <michael.tiernan@xxxxxxxxx>
  • To: racktables-users <racktables-users@xxxxxxxxxxxxx>
  • Date: Mon, 6 May 2019 14:03:04 -0400

Last first.

There's a note that putting 'debug=1' into the secret.php file will trigger a debug log.

1. Where does the debug output go? http access? http error? mariadb
   log? other?
2. Once the flag is set, does a stop/start of the httpd need to be done
   or is the secret file read on demand?

(Some of this I'm asking to update the wiki with explicitly known answers.)

------------------------------------------------------------------------

Now, permissions. (One of my objectives here is be to create a user who can modify h/is/er objects that are placed in the racks without modifying the hosting rack itself.

I'm *NOT* ruling out that I've broken something but I have a user's settings configured so that s/he can "edit their own" objects and I found what I think are two different bugs.

1. First locations...
    1. I have more than one location.
    2. I gave user allow based on 'location and tag and username' on
       objects
    3. found that it /always/ failed. It *seems* that the location is
       not ... (don't know best word for this) propagated downwards? It
       doesn't show up in the implicit tags.
2. Now deleting an object.
    1. User (same) has an object on the rack.
    2. User selects item, goes to properties tab and chooses "delete" icon.
        1. Get popup asking 'are you sure'
        2. Choose "Ok" and get access denied error.
        3. Use browser 'back' key and get "Attributes" page with orange
           "Operation not Permitted" message on screen.
        4. Using the "logic" of 'that didn't work so use the "reset
           (cleanup)" broom button' to restore it and undo what I just
           tried to do
        5. It returns with 'reset complete'
        6. what has actually happened is RT had erased all the
           characteristics of that item and left me with a virgin (in
           this case spacer) object with no characteristics to it.

For either of these two items I ask, Is any of this already known and I've missed a ticket/post/note somewhere?

If not, I'll try to provide more documentation on what I saw happen.

------------------------------------------------------------------------
A final "just in case" question. Is there a more direct way to get a list of possible pages & tabs a user could visit other than simply going through each one of them on my screen? (such as a simple db query for what page/tab destinations might exist?)

--
  << MCT >> Michael C Tiernan. http://www.linkedin.com/in/mtiernan
  Non Impediti Ratione Cogatationis
  Women and cats will do as they please, and men and dogs
   should relax and get used to the idea. -Robert A. Heinlein

Other related posts:

  • » [racktables-users] Revisiting permissions and the 'debug' flag. - Michael Tiernan