Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allow a user via ssh to: ifconfig eth0 down

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      OM606
      last edited by

      Hi networksecurity folks

      I have created a user called adminsh in the browser GUI and made it member of the admin group. I only need this user for the network administration over ssh. basically the only thing the user needs to do is "ifconfig eth0 down" and "ifconfig eth up"

      However, when i login through ssh and do a "ifconfig eth0 down" i get: ifconfig: down: permission denied.

      How can i set the permission i order to allow the user at least network administration. It's even fine if the user has root privilege as this user is only allowed to loging in via rsa key and not with a password.

      /etc/passd
      adminsh:*:2000:65534::/home/adminsh:/bin/tcsh

      /etc/group
      admins:*:1999:root,adminsh

      Regards and thanks,
      Markus

      1 Reply Last reply Reply Quote 0
      • GrimsonG
        Grimson Banned
        last edited by

        RTFM: https://docs.netgate.com/pfsense/en/latest/usermanager/sudo-package.html

        1 Reply Last reply Reply Quote 1
        • O
          OM606
          last edited by

          I think sudo is no option in my case as i run the ifconfig command from another host via ssh. thats also why i setup ssh login via ssh key instead of password.

          I would prefere to give the user i have created root privilege. how can i give the user root priviledge?

          Regards and thanks,
          Markus

          GrimsonG 1 Reply Last reply Reply Quote 0
          • GrimsonG
            Grimson Banned @OM606
            last edited by

            @OM606 said in Allow a user via ssh to: ifconfig eth0 down:

            I think sudo is no option in my case as i run the ifconfig command from another host via ssh. thats also why i setup ssh login via ssh key instead of password.

            Read the documentation again, sudo is exactly what you need.

            1 Reply Last reply Reply Quote 1
            • O
              OM606
              last edited by

              I have installed sudo and configured it for my user adminsh but it's not working as i expected.

              When i run the following from the remote host:

              ssh adminsh@172.16.16.1 ifconfig re0 down

              It gives me the following error:
              ifconfig: down: permission denied

              The reason for this is quite obvious because somewhere in the processs it would like to get the (sudo) password.

              If i log in via ssh adminsh@172.16.16.1 and then execute sudo ifconfig re0 down it asks me for the password and everything works fine.

              Any chance that i can execute this under sudo from remote?
              I have tried something like following but this did not work:

              ssh adminsh@172.16.16.1 sudo ifconfig re0 down
              sudo: no tty present and no askpass program specified.

              Otherwise, if there is a way that if i ssh into pfsense with admin or root that i get directly to the shell without the pfsense welcome menu? This would solve my problem definitely.

              Thanks,
              Markus

              GrimsonG 1 Reply Last reply Reply Quote 0
              • GrimsonG
                Grimson Banned @OM606
                last edited by

                @OM606 said in Allow a user via ssh to: ifconfig eth0 down:

                If i log in via ssh adminsh@172.16.16.1 and then execute sudo ifconfig re0 down it asks me for the password and everything works fine.

                Oh come on, the documentation even has an example setup for a command without a password. Show a screenshot of your sudo config.

                1 Reply Last reply Reply Quote 1
                • O
                  OM606
                  last edited by

                  Grimson, first of all, thanks for your patience so much!

                  I have configured sudo only throught the webgui (System/sudo)
                  1a20182f-3442-4e6e-896f-e0ddbb93afc9-image.png

                  Do you mean the config file /usr/local/etc/sudoers ?

                  It looks like following:

                  root ALL=(root) ALL
                  admin ALL=(root) ALL
                  %admins ALL=(root) ALL
                  adminsh ALL=(root) ALL

                  Or do i need to put the custom command like in the example for user bob in the documentation in the following file:
                  /usr/local/etc/sudoers.d

                  Regards and thanks,
                  Markus

                  GrimsonG 1 Reply Last reply Reply Quote 0
                  • GrimsonG
                    Grimson Banned @OM606
                    last edited by Grimson

                    @OM606

                    🤦 I really hope you are just drunk. Enable the "No Password" option like the documentation tells you in the first example.

                    no password.png

                    1 Reply Last reply Reply Quote 1
                    • O
                      OM606
                      last edited by

                      being drunk would not help much :-) because even with the No Password option i still get this:

                      ssh adminsh@172.16.16.1 ifconfig re0 down
                      ifconfig: down: permission denied

                      if i login using ssh adminsh@172.16.16.1
                      and then run:
                      sudo ifconfig re0 down
                      everything works but thats not what i need!! as stated in the first posts :-)

                      Other question, what do i have to change in order to not get /etc/rc.initial being started when i ssh into as root or admin?
                      i only need csh or any other shell instead of the menu. This would really solve my problem and if i need the menu i can just run /etc/rc.initial

                      Markus

                      GrimsonG 1 Reply Last reply Reply Quote 0
                      • GrimsonG
                        Grimson Banned @OM606
                        last edited by Grimson

                        @OM606 said in Allow a user via ssh to: ifconfig eth0 down:

                        being drunk would not help much :-) because even with the No Password option i still get this:

                        ssh adminsh@172.16.16.1 ifconfig re0 down

                        Just for the sake of others that might read this post, you obviously still need to use sudo:

                        ssh adminsh@172.16.16.1 sudo ifconfig re0 down

                        @OM606
                        As I'm pretty convinced you are just trolling I will now add you to my blocked users list.

                        1 Reply Last reply Reply Quote 1
                        • O
                          OM606
                          last edited by

                          thanks, you are very helpful and sorry for me beeing so untalented 🤕

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.