Subordinate Admin rights without ability to change password of chief Admin



  • Hi, I'm new to the forum.

    Is there a way to assign Admin rights to a secondary pfSense account, but not allow rights for changing the password of the primary pfSense admin account? Seems a simple functionality, but I can't find a way to set it up this way in the pfSense control panel.

    Much Thanks,

    Mookie


  • Rebel Alliance Developer Netgate

    No. If someone has access to edit users, they can edit any user.

    There are several pages that, if a user can access them, they could do whatever they want. Like they could restore a backup file with a different admin password, or change it by editing the config file directly.

    You'd have to add privileges carefully such that the user can't reach any page that could let them effectively have full access.



  • Thanks Jimp.

    Is there a way to provide a user with all rights, except the ability to edit users? I don't know if that would still classify as "Admin", but that's what I'm trying to do.


  • Rebel Alliance Developer Netgate

    Not effectively, because of the reasons I mentioned.

    If they have access to restore a backup, they could restore a file with an altered admin password. If they can execute shell commands, they could change the config, etc.

    If you are looking to make the passwords immutable, use an external auth setup they have no rights to (LDAP, RADIUS, etc.) and then they can't change passwords except for local users. They could still change the local admin, but not the one from LDAP/RADIUS.

    May not get you what you want, still, but closer perhaps.



  • Thanks for the feedback Jimp.
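
The replies above point out that access to certain pages amounts to full access. The following is an added example, not part of the thread and not Netgate code: a small audit that lists which accounts in a config.xml hold such privileges, directly or through a group. The privilege IDs, the `<system>/<user>/<group>/<priv>` layout and the sample accounts are assumptions; check the IDs against the privilege list of the installed pfSense version.

```python
import xml.etree.ElementTree as ET

# Privilege IDs treated as "effectively full access", with the reason given in
# the thread. ASSUMPTION: IDs may differ between pfSense versions; verify them.
FULL_ACCESS_EQUIVALENT = {
    "page-all": "can reach every WebGUI page",
    "page-system-usermanager": "can edit any user, including admin",
    "page-diagnostics-backup-restore": "can restore a config with an altered admin password",
    "page-diagnostics-command": "can execute shell commands",
    "page-diagnostics-edit": "can edit the config file directly",
}

# Constructed sample, not a real configuration.
SAMPLE_CONFIG = """<pfsense><system>
  <group><name>admins</name><member>0</member><priv>page-all</priv></group>
  <group><name>netops</name><member>2000</member><member>2001</member>
    <priv>page-firewall-rules</priv><priv>page-diagnostics-backup-restore</priv></group>
  <user><name>admin</name><uid>0</uid></user>
  <user><name>mookie2</name><uid>2000</uid><priv>page-dashboard-all</priv></user>
  <user><name>helpdesk</name><uid>2001</uid></user>
  <user><name>viewer</name><uid>2002</uid><priv>page-dashboard-all</priv></user>
</system></pfsense>"""

def effective_privs(system):
    """Map user name -> {privilege: source}, merging direct and group grants."""
    by_uid = {u.findtext("uid"): u.findtext("name") for u in system.findall("user")}
    privs = {name: {} for name in by_uid.values()}
    for user in system.findall("user"):
        for p in user.findall("priv"):
            privs[user.findtext("name")][p.text] = "direct"
    for group in system.findall("group"):
        for member in group.findall("member"):
            name = by_uid.get(member.text)  # group members are listed by uid
            if name is None:
                continue
            for p in group.findall("priv"):
                privs[name].setdefault(p.text, "group " + group.findtext("name"))
    return privs

def audit(config_xml):
    """Return {user: [(privilege, source), ...]} for full-access-equivalent grants."""
    system = ET.fromstring(config_xml).find("system")
    findings = {}
    for user, privs in effective_privs(system).items():
        hits = sorted((p, src) for p, src in privs.items() if p in FULL_ACCESS_EQUIVALENT)
        if hits:
            findings[user] = hits
    return findings

if __name__ == "__main__":
    for user, hits in audit(SAMPLE_CONFIG).items():
        for priv, source in hits:
            print(f"{user}: {priv} ({source}) -> {FULL_ACCESS_EQUIVALENT[priv]}")
```

Run it against an exported copy of the configuration rather than on the firewall itself; any account it lists should be treated as equivalent to the primary admin.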