Change default shell for additional pfSense user
-
Hi,
I've got a script that I want to execute via SSH using the Bourne shell (/bin/sh).
I've created a new user and added them to the "admins" group - I don't want to mess around with the default "root" user for obvious reasons.
However I tried following the guide at: https://www.freebsd.org/doc/handbook/shells.html to change that user's default shell and it caused this message to appear on SSH login:
*** Welcome to pfSense 2.3.2-RELEASE (amd64 full-install) on pfSense *** PHP Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80 Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80 PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 80, Message: Call to undefined function pfSense_interface_listget() 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell
I'd just like to know which is the correct/safe way to have the Bourne shell start by default on SSH login? I'd rather not edit each script to include something like "sh -c 'some commands'" as I have a lot of scripts.
Thanks.
-
delete in new users homedir:
.profile and .shrc
-
Thanks! That worked.
-
I've still got an issue.
It seems that when I reboot the router, the shell gets changed back to /bin/tcsh. Is it possible to change it to /bin/sh permanently?
-
No, not without patching /etc/inc/auth.inc - an example of what changes you need to do here: https://github.com/pfsense/pfsense/pull/3283/files
Could be used pretty much verbatim, say you add user-bourne-shell priv to /etc/inc/priv/user.priv.inc, you'd do
if (userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all")) { if (userHasPrivilege($user, "user-bourne-shell") { $user_shell = "/bin/sh"; } else { $user_shell = "/bin/tcsh"; } } elseif ( ... )
then you can assign the shell persistently via the User Manager GUI.
-
changing the single instance where tcsh appears in /etc/inc/auth.inc to the my desired shell seemed to do the trick.