Netgate Discussion Forum

    New Package: sudo

    Category: pfSense Packages
    • jimp Rebel Alliance Developer Netgate

      It gets requested extremely often, so I went ahead and made a simple-yet-effective package for sudo. It's up now for 2.0.3 and 2.1 (though it looks better on 2.1!)

      Once installed, visit System > sudo, and you can define access rules for users and commands that can be run.

      It could probably still use a little polish, but it gets the job done and does what most people will want, which is to let certain users (or the admin group) run commands as root.

      Suggestions/patches welcome. There is some explanatory text on the page but it only shows up on 2.1 since 2.0.x doesn't support the "info" type package tag.

      More info on the wiki: http://doc.pfsense.org/index.php/Sudo_Package

      Initially I had thought I would use the privilege system, but then it wouldn't have been flexible in allowing users to only run specific commands. It could still be done both ways, but some care would be needed to avoid collisions. For now though, the way the package is written, it worked for me on a few different test VMs.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • jimp Rebel Alliance Developer Netgate

        FYI- This is obvious if you visit the GUI after installing it, but by default it puts in three rules:

        1. Allow root to use sudo to run anything as root (duh)
        2. Allow admin to use sudo to run anything as root (See above)
        3. Allow anyone in the admins group to run anything as root

        #3 is what most people want from sudo, but others may not like it. It seemed like a good default setting, and it does get applied as soon as the package is installed.

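The default rules listed in the post above take effect as soon as the package is installed, so it is worth checking which users and groups end up with unrestricted root. The script below is an added example, not part of the thread or of the package: it lists every sudoers rule whose command list is `ALL`. The function names, the sample file contents (including the `backupop` and `deploy` users) and the `/usr/local/etc/sudoers` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant every command ("ALL").
# Assumption: plain "who host=(runas) [TAG:] commands" lines only; aliases,
# includes and backslash continuations are not expanded.

# audit_sudoers [FILE] -> one "kind<TAB>name<TAB>runas<TAB>tags" line per rule
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # settings and alias definitions
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]+/, "", spec)
        runas = "root"                  # sudoers default when no (runas) is given
        if (substr(spec, 1, 1) == "(") {
            rp = index(spec, ")")
            runas = substr(spec, 2, rp - 2)
            spec = substr(spec, rp + 1)
        }
        tags = ""
        while (match(spec, /^[ \t]*[A-Z_]+:[ \t]*/)) {   # NOPASSWD: and similar
            tag = substr(spec, 1, RLENGTH); gsub(/[ \t:]/, "", tag)
            tags = tags (tags == "" ? "" : ",") tag
            spec = substr(spec, RLENGTH + 1)
        }
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])
            if (cmds[i] == "ALL") {
                kind = (who ~ /^%/) ? "group" : "user"
                sub(/^%/, "", who)
                printf "%s\t%s\t%s\t%s\n", kind, who, runas, (tags == "" ? "-" : tags)
                break
            }
        }
    }' "${1:--}"
}

# Constructed sample: the three defaults described in the post plus two
# hypothetical extra rules (one restricted, one unrestricted without password).
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real pfSense file
Defaults env_reset
root ALL=(root) ALL
admin ALL=(root) ALL
%admins ALL=(root) ALL
backupop ALL=(root) NOPASSWD: /sbin/pfctl -s info
deploy ALL=(ALL) NOPASSWD: ALL
EOF
}

# Demo on the sample; on a firewall pass the real file instead, for example
# audit_sudoers /usr/local/etc/sudoers (assumed path, FreeBSD port default).
sample_sudoers | audit_sudoers
```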
        • jimp Rebel Alliance Developer Netgate

          Fixed an issue with the i386 install today, it should be good for everyone again. Feedback would be appreciated, thanks!

          • phil.davis

            The install bug report got me to actually try this. It is installed and working on a bunch of systems. Now I can add individual user names, put them in the admins group, then they can ssh in, get a command line and

            sudo -s
            

            to get a decent looking shell as root, if needed.
            The admin (root) password on each system no longer needs to be remembered (= constantly looked up when going to different systems) and shared with multiple people.
            So far, the defaults work fine for me, it's IT admin staff who need "all or nothing" access. I haven't played with giving users access to only particular commands…
            It's a good thing - thanks.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.