Some Aggregate graphs can be denied access incorrectly

[densenator]

Describe the bug

My device have only 5 graphs.
But in tree i see this:

In tree i have only device.
In device i see 5 graphs

Also i don't able to change some aggregate graph items
And users don't see some graphs in preview mode

[TheWitness]

Got into Debug mode for the two graphs and output the RRDtool syntax and it's result.

[densenator]

In device i see only 5 graphs
It's tree mode bug. I don't know where is debug mode for this.

Also i don't able to change some aggregate graph items
And users don't see some graphs in preview mode.

[densenator]

Ok, I'm found =, that is bug with aggregate graph
RRDtool Command:
GRAPH ACCESS DENIED RRDtool Says:
GRAPH ACCESS DENIED
My cacti dir is chown -R www-data:www-data cacti

[TheWitness]

That's a Cacti error. Check permissions from the User page. Report back.

[densenator]

My permission is full because i go from admin.
I tried create another user with full permission. It's the same. Maybe i need to create my aggregate graph again? But I have seen them before.

[TheWitness]

You should be able to edit the user in question and see this graph from the graph permissions tab, and then if you hover over the effective permission, you can see where and how the access is blocked.

[j66h]

Hi,
I have the same problem.
Cacti Version is 1.2.23
Running on Debian.
Updated cacti by using "git clone -b 1.2.x https://github.com/Cacti/cacti.git" on 09/12/2022.
Did "chown www-data:www-data -R /var/www/html/cacti/" after update.

I get the following for all aggregate graphs:

This is shown in Graph preview with debug turned on.

Happens, regardless which user I use. Permissions below are from builtin local admin account:

Just for reference, this is shown for another admin account, who inherits all settings from Admin Gourp:

Please tell me, If I can show further things to help analyze this.
Best Regards, JHH

[TheWitness]

I would need a database dump to make a call on this. Also, under Console > Settings > General let me know your Graph Permission Method.

[j66h]

Graph Permission Mode is set tp "Permissive". I now have tested the three other options too. All four behave in the same way.

Do you have some hints to anonymize a database dump (exchange Hostnames, IP Adresses, Credentials and the like with anonymized values)? If I can anonymize, I can share without asking data security departement...

Do you have some private upload area? Or a way to privately send a link for you to download? I cannot share the dump in github...

[TheWitness]

Best thing is email. If too big, then we will have to use box or eauiv.

[j66h]

Tried to send mail to address of your profile.
Got a return to sender, that our mailserver is open relay with a link to spamhaus webpage. At that webpage it says, that our server does not have an issue but that the server of the recipient is misconfigured.

I involved our mail admins. maybe you can elaborate too?

I'll resend later that week. Maybe it just was a spamhaus hickup...

[j66h]

No SPAM problems anymore, but now "message too big". The zipped dump is approximately 5 MByte in Size.
I can provide it on a onedrive share, if you like?