Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multi_server_environment does not prevent config changes from WebUI #14390

Closed
pizzarabe opened this issue Apr 30, 2019 · 1 comment · Fixed by #16760
Closed

multi_server_environment does not prevent config changes from WebUI #14390

pizzarabe opened this issue Apr 30, 2019 · 1 comment · Fixed by #16760
Labels
Bug For errors / faults / flaws / inconsistencies etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
Backlog (Help wan...

Comments

@pizzarabe
Copy link

I installed a Matomo installation 3.9.1 on two servers, both running CentOS 7 with nginx and php 7.2.10.
If setting the setting multi_server_environment=1 in config.ini.php I would expect that I can not install plugins and change configurations from the web interface, according to https://matomo.org/faq/new-to-piwik/faq_134/

this setting lets Matomo know you’re using multiple servers and for example it will then not allow the installation of a plugin via the UI (or the plugin would be only installed on one server), or it will not allow config file changes from the UI (as the config file would be updated on one server only).

The installation of plugins is not permitted. However, I can still change configurations from the web interface, for example "System" -> "General settings" -> "Trusted Matomo Hostname" which results in inconsistent configurations on the servers:

$server1:  cat config.ini.php 

...
[General]
multi_server_environment = 1
trusted_hosts[] = "f1-stats.de"
trusted_hosts[] = "f2-stats.de"
trusted_hosts[] = "stats.de"
trusted_hosts[] = "test.example.com"
...
$server1:  md5sum config.ini.php 
9721fb51375b215f1587148a7b0752bf  config.ini.php

$server2:  cat config.ini.php 

...
[General]
multi_server_environment = 1
trusted_hosts[] = "f1-stats.de"
trusted_hosts[] = "f2-stats.de"
trusted_hosts[] = "stats.de"
...
$server2:  md5sum config.ini.php 
4d655c14bd8493ac1f2d592d98c92d71  config.ini.php

"Diagnostic" -> "Config file" also shows, that multi_server_environment is set to 1.
@tsteur tsteur added Bug For errors / faults / flaws / inconsistencies etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. labels Apr 30, 2019
@tsteur tsteur added this to the Priority Backlog (Help wanted) milestone Apr 30, 2019
@tsteur
Copy link
Member

tsteur commented Apr 30, 2019

Cheers 👍 Makes sense. You can workaround by setting [General] enable_general_settings_admin = 0.

; By setting this option to 0, the following settings will be hidden and disabled from being set in the UI:
; - Archiving settings
; - Update settings
; - Email server settings
; - Trusted Matomo Hostname

which also hides other settings that may write to the config (email settings AFAIK)

@nina-py nina-py mentioned this issue Nov 20, 2020
Merged
9 tasks
sgiehl pushed a commit that referenced this issue Dec 15, 2020
@nina-py
multi_server_environment setting now disallows config edits from Web …
89c0dc2 
…UI (#16760)

* multi_server_environment setting now disallows config edits from Web UI

Turning the multi_server_environment setting on now hides the following
settings from the Administration -> Settings -> General settings page:

- Archiving settings
- Email server
- Trusted Matomo hostname
- Update settings

...so that users cannot set these separately on different instances of Matomo.

Fixes #14390.

* Added a note for multi_server_environment setting about shared filesystems

* - multi_server_environment now only hides email server settings from the general
settings page.

- Only making the release channel not writable in CoreUpdater->SystemSettings,
and leaving the other settings as before.

* Update UI test

Updated UIIntegrationTest_admin_diagnostics_configfile.png - with Git LFS
this time around.
@mattab mattab added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label Dec 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For errors / faults / flaws / inconsistencies etc. Help wanted Beginner friendly issues or issues where we'd highly appreciate community's help and involvement. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
Backlog (Help wanted)
Development

Successfully merging a pull request may close this issue.

multi_server_environment setting now disallows config edits from Web UI
3 participants
@tsteur @mattab @pizzarabe