Netgate Discussion Forum
    Read-only User

    • unkownNR1

      Hi,
      is it possible to create a user that can read everything but not change anything? For Security audits for example.

      I've already read this
      https://forum.pfsense.org/index.php?topic=28795.0#lastPost

      should now be possible according to documentation
      https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes

      I can't find any further info on this.
      I'm using version 2.3.2-RELEASE (amd64)
      built on Tue Jul 19 12:44:43 CDT 2016
      FreeBSD 10.3-RELEASE-p5

      Sorry for possible bad English

      • viragomann

        @unkownNR1:

        should now be possible according to documentation
        https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes

        You may mean this: Read-only privilege to create a user that cannot modify config.xml

        This does exactly what it says. Users with read-only privilege cannot modify the config.
        Only users who are members of the admins group are permitted to change the config.

        I've played around with such a user a short time ago and I've experienced that such a user may stop and restart services though, kick out VPN users and whatever, but still not change the configuration file. So if you don't want to allow these, only assign pages to that user in "Effective Privileges" on which he can do nothing like that.

        • unkownNR1

          Hello, I created a user with only two rights, Dashboard(all) and Firewall:Rules (screenshot), and no groups.

          But he is still able to change the config.xml; in this case he can activate or delete firewall rules, and the changes are written to the config.
          Is there a chance to create a true read-only user? Or is this a bug?


          • doktornotor

            You mean like User - Config: Deny Config Write at the very top of the privs list?

            • unkownNR1

              Oh yes! So stupid, absolutely my fault, sorry :-\

              Thank you!!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
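
An added example, not part of the thread and not pfSense's own code: a check that lists accounts whose effective privileges lack the "User - Config: Deny Config Write" privilege named in the answer above, run over a constructed config.xml excerpt. The element layout (`system/user`, `system/group` with `member` holding a uid) and the privilege IDs, including `user-config-readonly` for that privilege, are assumptions to verify against your own configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout assumed to match the <system> section of a pfSense config.xml.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <group><name>admins</name><member>0</member><priv>page-all</priv></group>
    <group><name>auditors</name><member>2001</member><priv>user-config-readonly</priv></group>
    <user><name>admin</name><uid>0</uid></user>
    <user><name>audit1</name><uid>2000</uid>
      <priv>page-dashboard-all</priv><priv>page-firewall-rules</priv></user>
    <user><name>audit2</name><uid>2001</uid>
      <priv>page-dashboard-all</priv><priv>page-firewall-rules</priv></user>
  </system>
</pfsense>"""

# Assumed privilege ID behind "User - Config: Deny Config Write".
DENY_WRITE = "user-config-readonly"


def effective_privs(config_xml):
    """Map each user name to the union of direct and group-inherited privileges."""
    system = ET.fromstring(config_xml).find("system")
    group_privs = {}  # uid -> privileges inherited through group membership
    for group in system.findall("group"):
        privs = {p.text for p in group.findall("priv")}
        for member in group.findall("member"):
            group_privs.setdefault(member.text, set()).update(privs)
    result = {}
    for user in system.findall("user"):
        direct = {p.text for p in user.findall("priv")}
        inherited = group_privs.get(user.findtext("uid"), set())
        result[user.findtext("name")] = direct | inherited
    return result


def users_without_deny_write(config_xml):
    """Users whose effective privileges do not include the deny-config-write privilege."""
    privs = effective_privs(config_xml)
    return sorted(name for name, p in privs.items() if DENY_WRITE not in p)


if __name__ == "__main__":
    for name in users_without_deny_write(SAMPLE_CONFIG):
        print(f"{name}: no Deny Config Write privilege")
```

In the sample, `audit1` mirrors the account from the thread (two page privileges, no groups) and is reported, while `audit2` inherits the privilege through a group and is not.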