How to add another user as root in pfsense?



  • Hey there,

    I want to have two root users.
    Reason? I have a remote shell script which will connect to pfsense and call the changepassword php script inside pfsense, but since the root user is executing the rc.init at its login phase, it doesn't let me run my script. So my idea is to have another root user without any shell menu and do the rest of the work.
    I'm using kitty as my ssh connection tool and the following is my shell command:

    kitty -ssh 192.168.20.1 -l admin2 -pw qwerty -cmd "pfSsh.php playback /etc/phpshellsessions/changepassword\nvahid\n1234\n1234\n"
    

    I also added admin2 to the wheel group, but I still can't change the password and the shell says:

    pw: you must be root

    Is there any way to make my admin2 a real root? Or should I remove the rc.init from the root user?



  • So, to rephrase: you want a "root only task" to be done by another "root"?
    Remember, this is not some FreeBSD or Linux box, but a 'simple' firewall.
    Maybe adding another root is possible, but this is pfSense. Changes to system files do not persist across upgrades (so people tend NOT to upgrade anymore … >:( ), etc. etc. etc.

    Having the web server, which is executing the PHP code, modify root files .... well .... many have been shot last century for trying to do just that. It was decided that these kinds of thoughts were considered "design flaws" at best. Still, do this for a company and it will get you fired.

    But ok.
    What about a cron script, running with root access, that runs every, let's say, 1 minute, and checks if "a file" exists. This file will be created by the web server running on pfSense. You (the PHP script user / visitor) put in the file the name and password or whatever you want.
    Your cron will test the file for existence, and if it exists, read it, delete it, and modify the user + password accordingly.
    Your php code will just create the file 'somewhere'. Remember that changes would be applied within 1 minute max.
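
The cron-side handler described in the post above, as an added example that is not part of the original thread or of pfSense. It goes beyond the post by validating the request before acting on it, since the file is written by a less trusted process than the root job that reads it. The drop path, the allowlist and the `APPLY_CMD` override are assumptions; the default command is the one quoted in the question.

```shell
#!/bin/sh
# Added example: root cron handler for a password-change drop file.
# REQ_FILE, ALLOWED_USERS and APPLY_CMD are hypothetical names for this sketch.
REQ_FILE="${REQ_FILE:-/var/run/pwchange/request}"   # assumed drop location
ALLOWED_USERS="${ALLOWED_USERS:-vahid}"             # only these accounts may be changed
# Command as quoted in the question; it is fed user, password, password on stdin.
APPLY_CMD="${APPLY_CMD:-pfSsh.php playback /etc/phpshellsessions/changepassword}"

process_request() {
    f="$1"
    user=""; pass=""
    # Nothing queued: exit quietly so cron stays silent.
    [ -e "$f" ] || [ -L "$f" ] || return 0
    # Refuse symlinks and non-regular files instead of following them as root.
    if [ -L "$f" ] || [ ! -f "$f" ]; then rm -f "$f"; return 2; fi
    # Read exactly two lines, then delete the file so the password does not linger.
    { IFS= read -r user || true; IFS= read -r pass || true; } < "$f"
    rm -f "$f"
    # Strict username syntax first: no shell metacharacters, spaces or paths.
    case "$user" in
        ''|*[!a-z0-9_]*) return 3 ;;
    esac
    # Explicit allowlist, so the web-facing side can never touch root or admin.
    ok=no
    for u in $ALLOWED_USERS; do
        [ "$u" = "$user" ] && ok=yes
    done
    [ "$ok" = yes ] || return 4
    [ -n "$pass" ] || return 5
    # Pass values on stdin, not argv, so they do not appear in process listings.
    printf '%s\n%s\n%s\n' "$user" "$pass" "$pass" | $APPLY_CMD
}

# A cron job running as root would call: process_request "$REQ_FILE"
```

A gap remains between the symlink check and the read, so the drop directory should be set up so that the writing process cannot swap the file in that window.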


  • Install the sudo package and use sudo. That's what everyone does, instead of creating another root.

