View logs in shell

peterlecki · Mar 16, 2023, 11:15 PM

SSH'ed into pfSense with an admin user that can configure everything in the GUI but

[2.6.0-RELEASE][admin@pfSense.local]/: cat /var/log/filter.log
cat: /var/log/filter.log: Permission denied

[2.6.0-RELEASE][admin@pfSense.local]/: ls -l /var/log/filter.log
-rw-------  1 root  wheel  301615 Mar 16 16:05 /var/log/filter.log

[2.6.0-RELEASE][bisadmin@pfSense.local]/: id
uid=2000(admin) gid=65534(nobody) groups=65534(nobody),1999(admins)

Apparently admin-level in GUI is not part of the wheel group?

[2.6.0-RELEASE][admin@pfSense.local]/: sudo
sudo: Command not found.

stephenw10 · Mar 21, 2023, 4:20 PM

Hmm. Can you access them if you login as root?

admin should have access to that though unless you have changed the permissions somewhere.

Gertjan · Mar 17, 2023, 12:07 PM

@peterlecki said in View logs in shell:

sudo

That's a package :

But :

cat /var/log/filter.log

works fine for me, as admin member of the wheel group, so has root rights.

I can login 'ssh' into pfSense using 'root' or 'admin', I'll be 'root' at the console (checked with whoami).

peterlecki · Mar 21, 2023, 4:20 PM

@stephenw10
I'm unable to ssh as root. I reset their password since I don't remember setting it up originally and while I can "su" into root and view logs then, I cannot ssh as root. Is this expected?

@Gertjan
Thanks for the tip to install the sudo executable. I can see the logs now if I sudo from the admin user, though I still get denied as just myself. It doesn't seem as though my admin user is in the wheel group as the "id" output shows.

Anyway, I can see the logs now so thank you guys. My questions above are only because me trying to understand the "why".

viragomann · Mar 21, 2023, 4:41 PM

@peterlecki
My admin user hast shell access to the logs with these privileges:

stephenw10 · Mar 21, 2023, 5:36 PM

Yes, admin should have the ssh privilege by default but looking back it looks like yours doesn't for some reason.

In pfSense admin and root are effectively the same account. There is no root account in the user manager. If you manually changed the root password that could cause other problems.

Steve

peterlecki · Mar 21, 2023, 6:46 PM

@stephenw10 @Gertjan
Doh! User error. I always disable the default "admin" and create another admin user, hence why I was not able to ssh as root. This is probably why my NewAdmin is not in the "wheel" group but instead in the "nobody" group.

I can't add NewAdmin into wheel group due to

usermod: command not found

But now that I have "sudo" and I understand the cause for this workaround, I'm fine with it.