Netgate Discussion Forum

    Permissions for second admin?

    • tkreu

      Greetings to you all, pfsensers!

      I have an embedded installation on a CF-Card running on an Alix Board. It's a test system / toy, no production environment.

      I wanted a user with direct shell access via ssh because having to press 8 on the menu every time annoyed me. I created my user 'admin2' via the web interface and put it into the admin group. Great success: admin2 can do an ssh login, is not displayed the menu and is a member of the wheel group. But: the user still cannot do certain things. For example, when I try to stop an interface, this happens:

      
      [2.0.1-RELEASE][admin2@pfbox]/home/admin2(3): /etc/rc.linkup vr1 stop
      PHP Warning:  fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
      
      Warning: fopen(/tmp/config.lock): failed to open stream: Permission denied in /etc/inc/util.inc on line 123
      PHP Warning:  flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
      
      Warning: flock() expects parameter 1 to be resource, null given in /etc/inc/util.inc on line 134
      PHP Warning:  fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
      
      Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/util.inc on line 135
      
      

      I searched the forums and found it may have to do with missing disk space and/or inodes. I'm pretty sure this is not the case:

      
      [2.0.1-RELEASE][admin2@pfbox]/home/admin2(5): df -h -i
      Filesystem           Size    Used   Avail Capacity iused ifree %iused  Mounted on
      /dev/ufs/pfsense0    1.8G    236M    1.4G    14%     11k  232k    5%   /
      devfs                1.0K    1.0K      0B   100%       0     0  100%   /dev
      /dev/md0              38M    112K     35M     0%      75  5.3k    1%   /tmp
      /dev/md1              58M    8.4M     45M    16%     137  7.8k    2%   /var
      devfs                1.0K    1.0K      0B   100%       0     0  100%   /var/dhcpd/dev
      
      

      Another possibility seems to be a faulty drive, which I cannot rule out. On the other hand, I never get the error message with users root or admin. Therefore I suspected it to be a user-related issue.

      Thanks for reading!

      • jimp (Rebel Alliance Developer Netgate)

        Only the root/admin user has the rights to do any of that.

        Until we bake it in somehow, you'll need to set up sudo access manually for those accounts:

        pkg_add -r sudo; rehash; visudo (then make edits to allow your account access) then you can run sudo and execute commands as root.

        Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.

        $ ssh root@192.168.x.y -t 'tcsh -l'
        Password:
        [2.1-BETA0][root@pfsense-amd64.localdomain]/root(1): 
        

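Added example, not part of jimp's post or of pfSense: one way the visudo edit mentioned above could look, with a blanket grant beside a grant scoped to the command from the first post. The alias name PF_LINKUP is made up for illustration.

```sudoers
# Constructed sudoers lines for the account in this thread (admin2).
# PF_LINKUP is an illustrative alias name, not something pfSense defines.

# Broad grant: admin2 may run any command as any user. This is root in all
# but name, so the account's password or ssh key protects as much as root's.
#admin2 ALL = (ALL) ALL

# Scoped grant: only the exact command line shown in the first post, run as
# root. Listing the arguments matters: a bare "/etc/rc.linkup" entry would
# allow the script to be called with any arguments.
Cmnd_Alias PF_LINKUP = /etc/rc.linkup vr1 stop
admin2 ALL = (root) PF_LINKUP

# No NOPASSWD tag is used, so sudo still asks admin2 for its own password.
```

With the scoped grant in place, admin2 runs `sudo /etc/rc.linkup vr1 stop`, and `sudo -l` run as admin2 lists what the account has been granted.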
        • tkreu

          @jimp:

          Alternately, just log in as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.

          Sometimes one fails to see the forest for the trees… :-[

          Thank you jimp, much appreciated!
