Change user password from GUI

sorry i don't understand what do you mean by "OP"?!!


OP=Original Poster, as in person who opened the thread. AKA: you :grinning:.

oh :rofl: yes i am the OP lol.
now tell me which view do you mean i enabled ?

The term "view" means a functionality page the user can access after they log in. The assumption is that users would not have had access to the password change view unless you granted it. It is not intended for non-root user access, and if that access was there by default (so you changed nothing) then it is a security issue.

by default, when you create a new user with ACL settings this user can access to administrator and change password (root password), you can disable that by changing "luci-mod-system-ssh" to denied. but i want that user to change his own password not root one :frowning:

That sounds like a security bug, and ought to be resolved so that the ability to change the root password is not enabled by default.

Yes, that was understood. However it is not current functionality and probably is not trivial to implement.

@jow: How does this get flagged for security review?

anyway thank you for your answers i will see what i could do

There is no security issue, by default everything is denied.

1 Like

but that normal user should be able to change his password from GUI

Yes, I agree - but it is no implemented yet.