Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Read-only User

    General pfSense Questions
    3
    5
    4512
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      unkownNR1 last edited by

      Hi,
      is it possible to create a user that can read everything but not change anything? For Security audits for example.

      I've already read this
      https://forum.pfsense.org/index.php?topic=28795.0#lastPost

      should now be possible according to documentation
      https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes

      I can't find further info's to this.
      I'm using version 2.3.2-RELEASE (amd64)
      built on Tue Jul 19 12:44:43 CDT 2016
      FreeBSD 10.3-RELEASE-p5

      Sorry for possible bad English

      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by

        @unkownNR1:

        should now be possible according to documentation
        https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes

        You may mean this: Read-only privilege to create a user that cannot modify config.xml

        This does exactly what it's saying. Users with read-only privilege cannot modify the config.
        Only users who are member of admins group are permitted to change the config.

        I've played around with such a user a short time ago and I've experienced that such a user may stop and restart services though, kick out vpn users and whatever, but even not change the configuration file. So if you don't want to allow these, only assign pages to that user in "Effective Privileges" on which one he can do nothing like that.

        1 Reply Last reply Reply Quote 0
        • U
          unkownNR1 last edited by

          Hello, I created a User with only two rights Dashboard(all) and Firewall:Rules  (Screenshot)  no groups

          But he is still able to change the config.xml in this case he can activate or delete rules of the Firewall. And the changes are written down to the config.
          Is there a change to create a True Read-Only User?  Or is this a bug?


          Sorry for possible bad English

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            You mean like User - Config: Deny Config Write at the very top of the privs list?

            1 Reply Last reply Reply Quote 0
            • U
              unkownNR1 last edited by

              Oh yes!  so stupid absolutely my fault sorry  :-\

              Thank you!!

              Sorry for possible bad English

              1 Reply Last reply Reply Quote 0
              • First post
                Last post