Permissions for second admin?



  • Greetings to you all, pfsensers!

    I have an embedded installation on a CF-Card running on an Alix Board. It's a test system / toy, no production environment.

    I wanted a user with direct shell access via ssh because having to press 8 on the menu every time annoyed me. I created my user 'admin2' via the web interface and put it into the admin group. Great success: admin2 can do an ssh login, is not displayed the menu and is a member of the wheel group. But: the user still cannot do certain things. For example, when I try to stop an interface, this happens:

    
    [2.0.1-RELEASE][admin2@pfbox]/home/admin2(3): /etc/rc.linkup vr1 stop
    PHP Warning:  fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
    
    Warning: fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
    PHP Warning:  flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
    
    Warning: flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
    PHP Warning:  fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
    
    Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
    
    

    I searched the forums and found it may have to do with missing disk space and/or inodes. I'm pretty sure this is not the case:

    
    [2.0.1-RELEASE][admin2@pfbox]/home/admin2(5): df -h -i
    Filesystem           Size    Used   Avail Capacity iused ifree %iused  Mounted on
    /dev/ufs/pfsense0    1.8G    236M    1.4G    14%     11k  232k    5%   /
    devfs                1.0K    1.0K      0B   100%       0     0  100%   /dev
    /dev/md0              38M    112K     35M     0%      75  5.3k    1%   /tmp
    /dev/md1              58M    8.4M     45M    16%     137  7.8k    2%   /var
    devfs                1.0K    1.0K      0B   100%       0     0  100%   /var/dhcpd/dev
    
    

    Another possibility seems to be a faulty drive, which I cannot rule out. On the other hand, I never get the error message with users root or admin. Therefore I suspected it to be a user-related issue.

    Thanks for reading!


  • Rebel Alliance Developer Netgate

    Only the root/admin user has the rights to do any of that.

    Until we bake it in somehow, you'll need to set up sudo access manually for those accounts:

    pkg_add -r sudo; rehash; visudo (then make edits to allow your account access) then you can run sudo and execute commands as root.

    Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.

    $ ssh root@192.168.x.y -t 'tcsh -l'
    Password:
    [2.1-BETA0][root@pfsense-amd64.localdomain]/root(1): 
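
The "make edits to allow your account access" step above, scoped to the one command from the question rather than blanket root access. This is an added example and not part of the original posts; the helper names `sudoers_rule` and `check_rule` are hypothetical, and the output is the line you would add through visudo.

```shell
#!/bin/sh
# Added example (not from the thread): build a least-privilege sudoers
# entry for the second admin account and syntax-check it before use.
# A blanket "admin2 ALL=(ALL) ALL" makes admin2 a full root equivalent;
# the rule generated here only permits the listed commands as root.

# Emit one sudoers rule: USER may run only the given commands as root.
sudoers_rule() {
    [ $# -ge 2 ] || { echo "usage: sudoers_rule USER CMD..." >&2; return 1; }
    user=$1; shift
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    list=
    for cmd in "$@"; do
        case $cmd in
            /*) ;;   # absolute path: cannot match a binary found via PATH
            *) echo "not an absolute path: $cmd" >&2; return 1 ;;
        esac
        case $cmd in
            # sudoers separators, wildcards and escapes are refused outright
            *[,:=*?]*|*\\*) echo "unsupported character: $cmd" >&2; return 1 ;;
        esac
        list=${list:+$list, }$cmd
    done
    printf '%s ALL=(root) %s\n' "$user" "$list"
}

# Write the rule to a temp file and check it with "visudo -c -f FILE",
# which parses the file without installing it.
check_rule() {
    tmp=$(mktemp) || return 1
    sudoers_rule "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    rc=0
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$tmp" >/dev/null 2>&1 || rc=$?
    fi   # without visudo, only the checks in sudoers_rule were applied
    rm -f "$tmp"
    return $rc
}

# The account and script from the question:
sudoers_rule admin2 /etc/rc.linkup
```

Any script allowed this way runs with full root rights, so it and its parent directories must be writable by root only.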
    


  • @jimp:

    Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.

    Sometimes one fails to see the forest for the trees… :-[

    Thank you jimp, much appreciated!

