Permissions for second admin?
-
Greetings to you all, pfsensers!
I have an embedded installation on a CF-Card running on an Alix Board. It's a test system / toy, no production environment.
I wanted a user with direct shell access via ssh because having to press 8 on the menu every time annoyed me. I created my user 'admin2' via the web interface and put it into the admin group. Great success: admin2 can do an ssh login, is not displayed the menu and is a member of the wheel group. But: the user still cannot do certain things. For example, when I try to stop an interface, this happens:
[2.0.1-RELEASE][admin2@pfbox]/home/admin2(3): /etc/rc.linkup vr1 stop
PHP Warning: fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
Warning: fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
PHP Warning: flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
Warning: flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
PHP Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
I searched the forums and found it may have to do with missing disk space and/or inodes. I'm pretty sure this is not the case:
[2.0.1-RELEASE][admin2@pfbox]/home/admin2(5): df -h -i
Filesystem         Size  Used  Avail  Capacity  iused  ifree  %iused  Mounted on
/dev/ufs/pfsense0  1.8G  236M  1.4G   14%       11k    232k   5%      /
devfs              1.0K  1.0K  0B     100%      0      0      100%    /dev
/dev/md0           38M   112K  35M    0%        75     5.3k   1%      /tmp
/dev/md1           58M   8.4M  45M    16%       137    7.8k   2%      /var
devfs              1.0K  1.0K  0B     100%      0      0      100%    /var/dhcpd/dev
Another possibility seems to be a faulty drive, which I cannot rule out. On the other hand, I never get the error message with users root or admin. Therefore I suspected it to be a user-related issue.
Thanks for reading!
-
Only the root/admin user has the rights to do any of that.
Until we bake it in somehow, you'll need to set up sudo access manually for those accounts:
pkg_add -r sudo; rehash; visudo
(then make edits to allow your account access) then you can run sudo and execute commands as root.
Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.
$ ssh root@192.168.x.y -t 'tcsh -l'
Password:
[2.1-BETA0][root@pfsense-amd64.localdomain]/root(1):
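A sketch of the sudoers edit mentioned in the reply above, added here as an example and not part of the original post: it sets unrestricted root access for admin2 beside a rule scoped to the one script from the question. The alias name LINKCTL is made up for illustration, and it is assumed that /etc/rc.linkup is owned by root and not writable by admin2; on a FreeBSD package install the file that visudo opens is normally /usr/local/etc/sudoers.

```sudoers
# Added example, not from the thread. Edit only through visudo so that a
# syntax error cannot leave sudo unusable.

# Broad rule: admin2 may run any command as any user after entering
# admin2's own password. In effect this hands out the root account.
#admin2 ALL=(ALL) ALL

# Scoped rule: admin2 may run only the link script from the question, as root.
# With no arguments listed, any arguments (e.g. "vr1 stop") are accepted.
# LINKCTL is a hypothetical alias name chosen for this example.
Cmnd_Alias LINKCTL = /etc/rc.linkup
admin2 ALL=(root) LINKCTL

# Record sudo invocations via syslog. The facility is an assumption; use one
# that the local syslog configuration actually stores.
Defaults syslog=auth
```

After saving, `visudo -c` checks the file's syntax, and `sudo -l` run as admin2 lists what the account is allowed to execute.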
-
Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.
Sometimes one fails to see the forest for the trees… :-[
Thank you jimp, much appreciated!