headscale-admin icon indicating copy to clipboard operation
headscale-admin copied to clipboard
verified publisher icon GoodiesHQ

ACL issue with username

Open gianlucagiacometti opened this issue 5 months ago • 2 comments

I have a couple of users:

root@headscale:~# headscale users list
ID | Name | Username | Email | Created
1  |      | john|       | 2025-06-25 14:36:43
2  |      | hannah   |       | 2025-08-06 22:01:26

When I set ACLs 'per user', I am forced to add an '@' after the username (i.e. john@), otherwise I cannot save the configuration.

    "acls": [
        {
            "#ha-meta": {
                "name": "PolicyForJack",
                "open": true
            },
            "action": "accept",
            "src": [
                "john@"
            ],
            "dst": [
                "*:*"
            ]
        },
...

The UI does not act as such, and it just inserts 'john'. This forces me to edit the config manually and correct the issue before saving.

Expected Behavior

Either the UI should automatically add an '@' to the username, or usernames without '@' should be allowed.

###Environment

  • OS: Ubuntu 24.04
  • Headscale version: 0.26.1
  • Headscale-Admin: latest (docker)

gianlucagiacometti avatar Aug 07 '25 22:08 gianlucagiacometti

This happens to me as well!

Environment

  • OS: Debian 12 Bookworm
  • Headscale Version: 0.26.1
  • Headscale-Admin: Latest (Docker)

dblanque avatar Sep 01 '25 23:09 dblanque

The solution at least as of right now is to rename the actual user to an object with an @ in the name (generally just adding @ to the end of the current username) if you are not using some kind of email identity authentication.

Until then, I will need to normalize the usernames from the users objects and the ACL policies so they both either do or do not end with "@" and haven't addressed that just yet.

GoodiesHQ avatar Nov 15 '25 09:11 GoodiesHQ