Change default shell for additional pfSense user

eponymous · Dec 10, 2016, 2:56 PM

Hi,

I've got a script that I want to execute via SSH using the Bourne shell (/bin/sh).

I've created a new user and added them to the "admins" group - I don't want to mess around with the default "root" user for obvious reasons.

However I tried following the guide at: https://www.freebsd.org/doc/handbook/shells.html to change that user's default shell and it caused this message to appear on SSH login:

*** Welcome to pfSense 2.3.2-RELEASE (amd64 full-install) on pfSense ***
PHP Fatal error:  Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80

Fatal error: Call to undefined function pfSense_interface_listget() in /etc/inc/interfaces.inc on line 80
PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 80, Message: Call to undefined function pfSense_interface_listget()
 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

I'd just like to know which is the correct/safe way to have the Bourne shell start by default on SSH login? I'd rather not edit each script to include something like "sh -c 'some commands'" as I have a lot of scripts.

Thanks.

heper · Dec 10, 2016, 5:47 PM

delete in new users homedir:

.profile and .shrc

eponymous · Dec 11, 2016, 11:08 AM

Thanks! That worked.

eponymous · Dec 16, 2016, 7:19 PM

I've still got an issue.

It seems that when I reboot the router, the shell gets changed back to /bin/tcsh. Is it possible to change it to /bin/sh permanently?

doktornotor · Dec 16, 2016, 8:02 PM

No, not without patching /etc/inc/auth.inc - an example of what changes you need to do here: https://github.com/pfsense/pfsense/pull/3283/files

Could be used pretty much verbatim, say you add user-bourne-shell priv to /etc/inc/priv/user.priv.inc, you'd do


if (userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all")) {
	if (userHasPrivilege($user, "user-bourne-shell") {
		$user_shell = "/bin/sh";
	} else {
		$user_shell = "/bin/tcsh";
	}
} elseif ( ... )

then you can assign the shell persistently via the User Manager GUI.

cjangrist · Sep 13, 2022, 10:48 PM

@doktornotor

changing the single instance where tcsh appears in /etc/inc/auth.inc to the my desired shell seemed to do the trick.