Create user with only backup permissions



  • Following the guide on here I have an account setup with a cron job to download my configs off all my pfsense boxes. The only thing i dont like is that this account has both backup and restore permissions.

    Is there a way to prevent the restore permissions?

    Thanks



  • What could they possibly do?  Other than restore a configuration that gives them 100% admin access?  I mean…  Besides that, its all good.


  • Rebel Alliance Developer Netgate

    There is a "deny config write" permission but I believe the restore process ignores that because it doesn't actually write the config in the traditional way.

    If that already doesn't work, then someone could probably add a few lines of code to the backup/restore page to deny restore if they have that permission bit set.


Log in to reply