Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    User with privileges to administer user in Captive Portal

    Scheduled Pinned Locked Moved General pfSense Questions
    pfsense
    5 Posts 2 Posters 705 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      devey
      last edited by

      Hi!
      I want to implement a Captive Portal for some users and give permissions to only one of them so that it can create new users, modify the password, delete users, etc.
      This can be done from the Effective Privileges tab and it works perfect.
      The problem is that this user, who has only permissions to edit users, can modify his own user and add himself as a member of the group "Admins" in "Group membership" and then he would become Administrator and have access to the entire system.

      I hope you have understood me and can help me.
      Thanks!

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • NollipfSenseN Offline
        NollipfSense @devey
        last edited by

        @devey That seems exactly what you want to give that user ... admin user ... so, you don't trust that person?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        D 1 Reply Last reply Reply Quote 0
        • D Offline
          devey @NollipfSense
          last edited by

          @nollipfsense Hi!
          Thanks for your reply.
          I don't want to give that person access to the entire configuration panel. I just would like you to be able to create or delete users or change the passwords of those users. But I don't want that person to be able to add himself to the Admins group, because with that he will already have full access to all the pfSense configuration.

          D 1 Reply Last reply Reply Quote 0
          • D Offline
            devey @devey
            last edited by

            @devey
            Here I attach 2 images.
            That user should not see what is with a red cross

            01.png

            02.png

            NollipfSenseN 1 Reply Last reply Reply Quote 0
            • NollipfSenseN Offline
              NollipfSense @devey
              last edited by

              @devey I hope others more knowledgeable would chime ... all I can think of off the top of my head is use a USB key in conjunction with certificates to be able to manage the group without system admin privileges

              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.