From dcd71445c07afb4a467f05df4c5747acf623e0f5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 14 Apr 2015 08:55:19 +0000
Subject: [PATCH] make user-config-readonly explicit when writing to config.

---
 src/etc/inc/config.lib.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index 3333dcdfd..a390c92c8 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -153,6 +153,8 @@ function write_config($desc = 'Unknown', $backup = true)
 			$user = getUserEntry($_SESSION['Username']);
 			if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
 				session_write_close();
+				// okay, it's not very nice to check permissions here, but let's make it explicit while we do...
+				log_error(gettext("WARNING: User")." ".$_SESSION['Username']." ".gettext("may not write config (user-config-readonly set)"));
 				return false;
 			}
 		}