Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When copying template user, ensure Template user is disabled and new user is enabled #1097

netniV opened this issue Nov 23, 2017 · 2 comments


Copy link

netniV commented Nov 23, 2017

This is similar to issue #433 but slightly expanded.

If you create a user, set a password, login and make it work as you desire with permissions, graphs etc. You then set this user as a template, for example against an LDAP domain. Unless you leave the templated user able to login, the cloned user is unable to login as he gets accessed denied.

Standard security practice should be to set the template so it can't login once it is being used as a template. This should be done by either, checking if the user is a set as a template or setting it as disabled and automatically enabled a newly created user.

The pros for automatically enabling the user means anyone who is in a group with access via LDAP can creating their own account. However, on the flip side, it means exactly the same so if there is a user you may not have wanted to have instant access without knowing about it, they will unfortunately.

The pros for making any templated user disabled from logging in means that the enabled flag propagates to a newly created user. The cons are that it means you have to create a new test user or delete the existing one from the cacti list, every time you want to test template changes.

For example if I have a different group template named Template for each customer to specifically allow only access to that customers graph tree, then all those users have access via the Local domain.

Copy link

cigamit commented Nov 23, 2017

Yea, this is a good thing. We'll fix this in the 1.2 branch though.

cigamit added a commit that referenced this issue Nov 23, 2017
Template user issues including:
- All template users should be disabled by default
- When a user is copied, enable that user by default
Copy link

cigamit commented Nov 23, 2017

Resolved. Thanks.

@cigamit cigamit closed this as completed Nov 23, 2017
@netniV netniV changed the title Template user can login in When copying template user, ensure Template user is disabled and new user is enabled Dec 31, 2018
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
None yet

No branches or pull requests

2 participants