I’ll maybe look deeper into it, but QNAP kernel seems to really implement sh*tty ACL if this old post is still true…
EDIT: Unfortunately, looking at the latest QNAP kernel source code, the “custom” ACL algorithm hasn’t changed since that aforementioned forum post… In my case above, any --- entry in the ACL list (which is the very case in that 4.2.1 fix) denies access to all
@ericg : no it did not, but as we discussed on the chat, considering that there are several important small bugs with fixes pending, I’m making an hotfix release in 126.96.36.199 before the next big iteration:
[fix] services.py, python3: missing decode() in subprocess output fetch (357c151c)
[fix] log.py: don’t inject log_ref if the operation didnt start yet (f878d61f)
[fix] dyndns.py: Missing raw_msg=True (008e9f1d)
[fix] firewall.py: Don’t miserably crash when there are port ranges (6fd5f7e8)
[fix] nginx conf: CSP rules for admin was blocking small images used for checkboxes, radio, pacman in the new webadmin (575fab8a)
Builds are ongoing, should be available in a couple minutes
And here’s another big iteration on both the core and the new webadmin !
UI/UX fixes and improvements in the new webadmin thanks to the feedback of the testers . This include new human-readable descriptions of what’s going on each time an operation is triggered.
SFTP and SSH permissions. This will allow to grant SSH/SFTP access to users using the permission system. This also comes with a rework of the SSH configuration. Note that, by design, you can’t grant this permission to all users. You must grant it to individual users, or create a group and grant the permission to this group. We also recommend to be careful and not grant this permission to random people that you don’t really trust.
Many improvements on backups, including a significant rework of the content of system backups which should now be more sensible and prevent inconsistencies.
Thanks to all contributors ! (axolotle, Bram, C. Wehrli, cyxae, D. Vasilev, Daniel, Éric G., grenagit, Josué, Kay0u, K. Nowakowski, lapineige, ljf, Scapharnaum)
Même problème une heure après mise à jour de 4.2.2.
Les entrées Utilisateurs / Domaines / Applications / Services / Diagnostic et Sauvegardes ne fonctionnent plus.
Le menu “Outils” fonctionne.
“Mettre à jour” s’affiche, mais renvoie cette erreur.
Même symptomes après reboot.
sudo yunohost tools update renvoie que tout est à jour.
The upgrade went well on my side (except my permanent ACL problems above, for which I need to manually revert the ACLs’ after each regen-conf).
I was using a legacy linux user (not a YunoHost user) to log to SSH with a private key. I can’t log any more. In my understanding, it’s because it’s not part of the “ssh.main” group. But, I can’t add the user to the group with usermod -a -G ssh.main <myuser>.
How is it and what’s my best way to address the problem? Add that user to the group by another way? Somehow “convert” it to a YunoHost user, but then how to log with a private key and add it to the sudo group?
Upgraded to 4.2.2. Admin page wasn’t working, but that eventually cleared when I shutdown and restarted my browser.
However, I’m having the SSH problem, too. I was using a Linux account with an RSA key. Now it’s asking for password, but the password is not being accepted. Thus, I can’t log onto the box to investigate or fix. Suggestions?
c.f. answer to JimboJoe, you can maybe add that user to the admins group. Or ideally recreate the user as a yunohost user if that makes sense (or add your RSA key to an existing yunohoser user and use that one from now on). In the meantime, you should still be able to log in as admin/root to fix the issue.
Important : we noticed that the webadmin update from tonight included some forgotten debug code that disabled some features such as upgrading. As a consequence, when you click the “Upgrade” button, no upgrade will actually be performed… The workaround is to upgrade from the command line with yunohost tools upgrade --system for this time.
The fix has been released in Yunohost-admin 188.8.131.52
(N.B.: This is only relevant if you upgraded today)