#4621 User ACL BIND module

[Jim Allen]

Ubuntu 13.04
When defining ANY customization to a WEBMIN USER in the BIND module, within the BIND DNS Server access control options. The user gets the message "There are no DNS zones defined for this name server" It does not matter what option is changed from the default, this message is displayed. Essentially, once the "user.acl is created in the webmin/bind directory, they receive the message.
Selecting the RESET TO FULL ACCESS, which removes the "user.acl" from the webmin/bind directory, all of the zones are again displayed.
There is no problem seeing or manipulating the zones, until an ACL is attached to the BIND module for that user.
Permissions? Missing reference elsewhere in webmin?
Thank you in advance.

[Jamie Cameron]

I assume that you actually do have some BIND zones defined?

[Jim Allen]

Greetings Jamie,

Yes.

However, even if the ONLY change made is a simple change not directly related to ZONES, the user gets the message.

For example, here I changed from the default CAN EDIT MODULE CONFIGURE to NO.
Saved the change.

[cid:image002.png@01D0AFE2.AF49E670]
Then the users see this...
[cid:image001.jpg@01D0AFE2.B0A3D120]
However, do a RESET TO FULL and save, they see this.
[cid:image005.jpg@01D0AFE2.B0A3D120]
ANY change in the BIND 'permissions' which generates the username.acl seems to cause this behavior.

Thank you for your time. If you have any questions, please feel free to contact me.

JIM ALLEN | CTO
VoiceWare, ZCSE, VCP550D, VCP5, VCP4, VCP3, CCA, CCEA, CCNA, MCP, MCT, A+
HIPAA Awareness & HIPAA Security Certified
PH 319-553-0831 EM jallen@acesiowa.comjallen@acesiowa.com
FX 800-610-1793 WEB www.acesiowa.comhttp://www.acesiowa.com/

From: Jamie Cameron [mailto:jcameron@users.sf.net]
Sent: Thursday, June 25, 2015 5:19 PM
To: [webadmin:bugs]
Subject: [webadmin:bugs] #4621 User ACL BIND module

I assume that you actually do have some BIND zones defined?

---

[bugs:#4621]http://cp.mcafee.com/d/5fHCN8e3zqb3bWoWUVNwTsSOMY-U-DsSOMY-U--edIIffKfFFCSm7DT7T63ozFV_M1mS-AGCdVsTJLFaFzundA7f7muvvW_6zBdWWrfnKnjpud7f8CzBCXMUQsYJt6OaaGabfaxVZicHs3jq9JATvAm4TDNOb2pEVdTdw0WlrzrTg0fY3smM0mEaOxx1Izj674QjsaNZoYI2GlrzrTg0fY3jrXVEVudCBI0mEaOwAgr8QdbFEw0NxNd4Qg1eDNd40w91kQg38q30UQgaRgrfYSMCr7c5A User ACL BIND module

Status: open
Group: 1.760
Labels: BIND USER ACL
Created: Thu Jun 25, 2015 07:09 PM UTC by Jim Allen
Last Updated: Thu Jun 25, 2015 07:09 PM UTC
Owner: nobody

Ubuntu 13.04
When defining ANY customization to a WEBMIN USER in the BIND module, within the BIND DNS Server access control options. The user gets the message "There are no DNS zones defined for this name server" It does not matter what option is changed from the default, this message is displayed. Essentially, once the "user.acl is created in the webmin/bind directory, they receive the message.
Selecting the RESET TO FULL ACCESS, which removes the "user.acl" from the webmin/bind directory, all of the zones are again displayed.
There is no problem seeing or manipulating the zones, until an ACL is attached to the BIND module for that user.
Permissions? Missing reference elsewhere in webmin?
Thank you in advance.

---

Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/webadmin/bugs/4621/http://cp.mcafee.com/d/k-Kr6xAe40USyMO-CeKesodTdIIffKfFTdIIffKfLzzrb3PXzWqpJBxVZNZNwS8WuvY0lJLFaFzundXrWiGoTBPp1PNRDDT-LNEVjuKCPRXBQSnzhPO9EVpKYed7fbnhIyyGyyPOEuvkzaT0QSCrpdTV5xdVYsyMCqejtPpesRG9pBaJNJXE07-1Kbo0bk5pgMwShFz3yq9K5o-Ium1laJNJXE07-1FJZYQsL6PiS0bk5pgi8dAq6BQQg0oMUCyq80DjUCy0g4wGq81Ad1wsq85qEdD-rojdA7dD

To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/http://cp.mcafee.com/d/FZsS86Qm6nQNRNPz1KVJBxVZNZeVJBxVZNZYsrpouvsvjjdIIffKfKc6N7jP_w2JJZ9lcrOVLrvilj6YKr8eueIY-_R-d7arRQSuLsKCOYqeuhd7bdTxNEVVqWdAklkkmul3PWApmU6CSjr9K_8I9LfzAm4PhOrKr9PCJhbcFlKdLt00_MdPmVAYESgFqcBFOH2xK5o-Ium1laJNJXE07-1FJZYQsL6PiS0bk5pgi8dAq6BQQg0oMUCyq80DjUCy0g4wGq81Ad1wsq85qEdD-rojdRRcD3hmx

[André Fernandes]

I have also found this bug in CentOS 6 + webmin 1.760.

Installed BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 with chroot. Zones are separated into "public" and "internal" views (see attached named.zones file).
BIND DNS Server management works normally until I try to limit which views a user can see/edit.

Steps to reproduce:

1. set up the BIND DNS Server module to use the chroot'ed configuration paths
2. create a webmin user with access to the BIND DNS Server module
3. in the module permissions for the user, set permissions as follows:
   • Domains this user can edit -- Selected zones.. -- Zones in view <public></public>
   • Views this user can edit domains in -- selected views -- public
   • Views this user can edit and add zones to -- Selected views.. -- public
4. login as user, see the "There are no DNS zones defined for this name server" message
5. user can see only the <public> view in the "Existing Client Views" section</public>

Other variants tried:
- picking one or multiple zones in the permissions, rather than a "Zones in view" option works as expected
- setting permissions do "all zones" or "all views" allows the user to see/edit the zones

[Jamie Cameron]

André - for step 3, did you explicitly select a series of zones from the list?

[André Fernandes]

I did try picking the zones explicitly, and they show up normally to the user, i.e. the filtering works on a per-zone basis.

[Jamie Cameron]

Ok, I see the bug that causes this - it will be fixed in the next Webmin release.