Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-5100: Running easyrule with dedicated user

    Firewalling
    firewall rules sg-5100
    1
    2
    404
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DrPhil
      last edited by DrPhil

      I need to block / unblock certain client devices from accessing internet on demand (kids).

      easyrule gives me what I want. for example

      easyrule block lan 192.168.1.21

      Since I want to call this script from a client device, I created a new user (easyRuler). In sudo package, easyRuler is allowed to only call /usr/local/bin/easyrule.

      When easyRuler calls easyrule, I get the successful execution message

      Host added successfully

      Except that it actually fails. In the system.log, I can see this message

      easyrule: WARNING: Config contents could not be saved. Could not open file!
easyrule: New alert found: Unable to open /cf/conf/config.xml for writing in write_config()

      I suspect it has to do with easyRuler's permissions. Maybe it needs to be able to run another process as root, besides easyrule. I just don't know which one. Appreciate any thoughts.

      D 1 Reply Last reply Reply Quote 0
      • D
        DrPhil @DrPhil
        last edited by

        Turns out I need to "sudo" with my dedicated user for the command to work. Like this

        sudo easyrule block lan 192.168.1.21
        1 Reply Last reply Reply Quote 0
        • First post
          Last post