Access Control, locked the only admin out....

quinniedid

Hi all,

I am in need of some desperate help. I installed the Access Control plugin and started poking around at how everything came together. I added the only admin account to the Administrators group, which apparently had no rules added to. I have no other user that can login to FOG. I have two other users but API (mobile only) is disabled and cannot correct the issue.

Is there a way to go through the database to enable API for one of these other users? Is there someway to disable the plugin for now? Anything I can do to get back into my server?

Any help would be greatly appreciated!

Thank you ahead of time!

Wayne Workman

@quinniedid Yes, refer to this article: https://wiki.fogproject.org/wiki/index.php?title=Password_Central#1.4.0_and_1.5.0_series
You’ll want to specify a different user than fog, probably admin or something. The new user’s default password will be password

Fernando Gietz

Hi @quinniedid ,

You can disable this plugin erasing one registry in the database. In the database:

MariaDB [fog]> select * from plugins;
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
| pID | pName | pState | pInstalled | pVersion | pAnon1 | pAnon2 | pAnon3 | pAnon4 | pAnon5 |
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
| 48 | accesscontrol | 1 | 1 | 1 | | | | | |
| 44 | xixare | 1 | 1 | 1 | | | | | |
| 53 | LDAP | 1 | 1 | 1 | | | | | |
| 41 | wolbroadcast | 1 | 1 | 1 | | | | | |
±----±--------------±-------±-----------±---------±-------±-------±-------±-------±-------+
4 rows in set (0.00 sec)

And now delete it:

MariaDB [fog]> delete from plugins where pID = pDI_of_your_AccessControlPlugin;

In my case pID=48.

With this you will have the control back.

UPDATE: TAke in account that this process do a “dirty” unsintall of the plugin. To uninstall correctly the plugin, use the FOG User Interface and unstall it from Plugins menu.

Fernando Gietz

Some recomendations about this plugin:

• Don’t asociate the “fog” user to one role. This user is special, like a system user, in this way you can use it to roll back of changes.
• Test the role and their rules first with one local test user.

quinniedid

I would admit you are absolutely correct. I should not have put the local admin into the group…

I was finally able to get back in. I appreciate all of your help!