Change default shell for additional pfSense user



  • Hi,

    I've got a script that I want to execute via SSH using the Bourne shell (/bin/sh).

    I've created a new user and added them to the "admins" group - I don't want to mess around with the default "root" user for obvious reasons.

    However I tried following the guide at: https://www.freebsd.org/doc/handbook/shells.html to change that user's default shell and it caused this message to appear on SSH login:

    *** Welcome to pfSense 2.3.2-RELEASE (amd64 full-install) on pfSense ***
    PHP Fatal error:  Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80
    
    Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80
    PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 80, Message: Call to undefined function pfSense_interface_listget()
     0) Logout (SSH only)                  9) pfTop
     1) Assign Interfaces                 10) Filter Logs
     2) Set interface(s) IP address       11) Restart webConfigurator
     3) Reset webConfigurator password    12) PHP shell + pfSense tools
     4) Reset to factory defaults         13) Update from console
     5) Reboot system                     14) Disable Secure Shell (sshd)
     6) Halt system                       15) Restore recent configuration
     7) Ping host                         16) Restart PHP-FPM
     8) Shell
    
    

    I'd just like to know which is the correct/safe way to have the Bourne shell start by default on SSH login? I'd rather not edit each script to include something like "sh -c 'some commands'" as I have a lot of scripts.

    Thanks.



  • Delete in the new user's homedir:

    .profile  and .shrc



  • Thanks! That worked.



  • I've still got an issue.

    It seems that when I reboot the router, the shell gets changed back to /bin/tcsh. Is it possible to change it to /bin/sh permanently?


  • No, not without patching /etc/inc/auth.inc - an example of what changes you need to do here: https://github.com/pfsense/pfsense/pull/3283/files

    Could be used pretty much verbatim, say you add user-bourne-shell priv to /etc/inc/priv/user.priv.inc, you'd do

    
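    // Users with shell access get /bin/sh only if they also hold the
    // "user-bourne-shell" privilege added in user.priv.inc; otherwise tcsh.
    if (userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all")) {
    	if (userHasPrivilege($user, "user-bourne-shell")) {
    		$user_shell = "/bin/sh";
    	} else {
    		$user_shell = "/bin/tcsh";
    	}
    } elseif ( ... )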
    
    

    then you can assign the shell persistently via the User Manager GUI.
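
A check for the symptom described in this thread (the login shell reverting to /bin/tcsh after a reboot), added here as an example and not part of any post. The function name, the user `scriptuser` and the sample files are constructed for illustration; on a real system you would pass /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# Report whether a user's login shell in a passwd-format file (7 colon-separated
# fields) still matches the expected one, e.g. after a reboot rewrote the account.
# Return codes: 0 = matches, 1 = drifted, 2 = user not found,
# 3 = expected shell is not listed in the shells file.

check_login_shell() {
    passwd_file=$1; shells_file=$2; user=$3; expected=$4

    # The expected shell must be an allowed login shell (one path per line,
    # '#' comment lines ignored).
    grep -v '^[[:space:]]*#' "$shells_file" | grep -qxF "$expected" || return 3

    # Field 1 is the login name, field 7 the login shell.
    current=$(awk -F: -v u="$user" '$1 == u { print $7; found = 1; exit }
                                    END { if (!found) exit 2 }' "$passwd_file") || return 2

    # An empty shell field means the Bourne shell, /bin/sh.
    [ -n "$current" ] || current=/bin/sh

    if [ "$current" = "$expected" ]; then
        echo "$user: login shell is $current"
        return 0
    fi
    echo "$user: login shell is $current, expected $expected"
    return 1
}

# Constructed sample data (not from the thread): "scriptuser" has reverted to tcsh,
# "backup" has an empty shell field.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
scriptuser:*:2000:65534:Script User:/home/scriptuser:/bin/tcsh
backup:*:2001:65534:Backup User:/home/backup:
EOF
printf '%s\n' '# list of acceptable shells' /bin/sh /bin/csh /bin/tcsh > "$SAMPLE_DIR/shells"

check_login_shell "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells" scriptuser /bin/sh || true
```

Run from cron or a boot-time hook, a non-zero return gives an early signal that the account was regenerated with a different shell before the SSH scripts start failing.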