Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to add a new WebCfg page to the System Privileges list?

    Scheduled Pinned Locked Moved Development
    6 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      robi
      last edited by

      I've created a new php page on my pfSense box with some custom functions I need in my corporate environment. The page and its functions work great for the default admin account.

      Now there's another user group added, which has to be able to access that page, and a couple of others from the system. And there's a new user in that group, inheriting privileges.

      Unfortunately the page I've just created doesn't show up on System: Group manager: Add privileges pages, thus I can't assign that to the group.

      I'd be happy even with a solution to show that page for everyone by default, as the pages I want to hide are all pfSense's default, and they can be hidden.

      Please give me some hints. Thanks.

      1 Reply Last reply Reply Quote 0
      • R
        robi
        last edited by

        Found it.

        In
        /etc/inc/priv.defs.inc    add:

        $priv_list['page-yours'] = array();
        $priv_list['page-yours']['name'] = gettext("WebCfg - Your new page");
        $priv_list['page-yours']['descr'] = gettext("Allow access to options on your new page.");
        $priv_list['page-yours']['match'] = array();
        $priv_list['page-yours']['match'][] = "your_new_page.php*";
        

        Go to System: Group manager: Add privileges and find the new privilege at the bottom of the list.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Don't edit that file. Make your own file in /etc/inc/priv/ or /usr/local/pkg/priv, e.g. "mycustomstuff.inc" and put the definition there, so it does not get overwritten.

          From those two dirs, *.inc get read in when checking privileges.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • R
            robi
            last edited by

            Hmm. I tried adding these lines to /usr/etc/inc/priv/user.priv.inc, and they weren't taken into account.

            This is NanoBSD in my case, I guess "so it does not get overwritten" wouldn't be true, i guess…
            (afaik an upgrade wipes the entire other partition and replaces it with the one from the new image, right? Thus /etc/inc/priv/* wouldn't be kept either...)

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @robi:

              Hmm. I tried adding these lines to /usr/etc/inc/priv/user.priv.inc, and they weren't taken into account.

              It would work in that file, too, but it's still not the right place. Make sure you are using the correct format and put them in the correct place in the file.

              @robi:

              This is NanoBSD in my case, I guess "so it does not get overwritten" wouldn't be true, i guess…
              (afaik an upgrade wipes the entire other partition and replaces it with the one from the new image, right? Thus /etc/inc/priv/* wouldn't be kept either...)

              Yes but it's a lot simpler to copy your own file back in place than to re-do edits to existing files.

              Take for example the OpenVPN Client Export package. It puts in its own privilege file, /etc/inc/priv/openvpn.inc

              
              global $priv_list;
              
              $priv_list['page-openvpn-client-export'] = array();
              $priv_list['page-openvpn-client-export']['name'] = "WebCfg - OpenVPN: Client Export Utility";
              $priv_list['page-openvpn-client-export']['descr'] = "Allow access to the OpenVPN: Client Export Utility page.";
              $priv_list['page-openvpn-client-export']['match'] = array();
              $priv_list['page-openvpn-client-export']['match'][] = "vpn_openvpn_export.php*";
              
              ?>
              

              And that shows up fine in the privilege list for me.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • R
                robi
                last edited by

                Yes it works in my case too.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.