SSH Restart Script

rcampbell

I'm trying to create a script to restart pfSense, but I am stuck on the command to do so.

So far I have created a new user and added them to the admins group.  When I ssh into pfSense with this user it bypasses the text based menu and goes directly to the command prompt - perfect.

This is where I start having problems…

[2.2.4-RELEASE][admin2]/: reboot
reboot: Operation not permitted

[2.2.4-RELEASE][admin2]/: init 6
init: Operation not permitted

[2.2.4-RELEASE][admin2]/: sudo init 6
sudo: Command not found.

[2.2.4-RELEASE][admin2]/: shutdown -r now
/sbin/shutdown: Permission denied.

[2.2.4-RELEASE][admin2]/home/shr-fs2: su init 6
su: Sorry

How do I give the new admin user the permissions to run these commands?

doktornotor

Huh… How about

/etc/rc.reboot

rcampbell

Same problem, not enough permissions.

doktornotor

Perhaps try as admin.  ::)

rcampbell

Running as admin or root, brings up the text menu on ssh login so for a script to run that won't work.

doktornotor

It will NOT ever work as non-admin. Dunno really what you were thinking? You don't allow random users reboot your box. Either use the sudo package to allow the account to run the above, or patch the /etc/rc.initial script to accept shell commands as argument.

--- /etc/rc.initial	2015-01-25 15:46:30.000000000 +0000
+++ /etc/rc.initial	2015-01-25 15:50:33.000000000 +0000
@@ -38,6 +38,18 @@
 	fi
 fi

+# Parse command line parameters
+while [ $# -gt 0 ]; do
+	case $1 in
+		-c )	shift
+			/bin/sh -c $1
+			exit
+			;;
+		* )
+	esac
+	shift
+done
+
 CONFIG="/cf/conf/config.xml"
 WORD="https"

nicholfd

When I log in to pfSense with my personal account via SSH & "Authorized_keys", I don't get the menu. I just get a regular prompt:

nicholfd@Milhouse ~ $ ssh burns
Last login: Mon Aug 24 12:03:39 2015 from 192.168.169.178
[2.2.4-RELEASE][nicholfd@burns.springfield.com]/home/nicholfd: id
uid=2001(nicholfd) gid=65534(nobody) groups=65534(nobody),1999(admins)

This should work for you.  Note that you might have to supply full/explicit paths for everything:

nicholfd@Milhouse ~ $ ssh burns
Last login: Mon Aug 24 12:11:10 2015 from 192.168.169.178
[2.2.4-RELEASE][nicholfd@burns.springfield.com]/home/nicholfd: cat test.sh
date
echo "Done"
[2.2.4-RELEASE][nicholfd@burns.springfield.com]/home/nicholfd: logout
Connection to burns closed.
nicholfd@Milhouse ~ $ ssh burns "/home/nicholfd/test.sh"
Mon Aug 24 12:14:40 EDT 2015
Done
nicholfd@Milhouse ~ $ 

rcampbell

@doktornotor
I think you've missed what I'm trying to do.

@nicholfd
Looking at your group membership, you will have the same problem as I had above if you try to run those system commands - not enough permissions.

I think I've found the answer that I'm looking for..
When testing I was using putty and thats when I noticed the text menu upon login for the admin and root user (they both use the same password, is it user alias? not sure, but they have different group membership).

I'm now using plink (command line version of putty) to create the ssh session and call a script file which runs the 'init 6' command.  If I create the ssh session as admin, the script file cannot run as the session gets stuck on the pfSense text menu waiting for an option to be selected.

If I create the session as root, the script file runs successfully and I can achieve the reboot as required.

Its working now, but it does leave me with a question…. if I create an ssh session with putty as either admin or root I see the pfSense text menu.  If I create a session with plink for both users, I would expect neither of them to be able to run commands as the pfSense text menu is waiting for input, why then does it work for root?

doktornotor

No, I didn't miss what you are trying to do.
1/ You simply do NOT reboot box as non-admin. This ain't Windoze.
2/ Already told you to use sudo and allow the proper command for the account your wish to use for the job.
3/ In case you do NOT want to use sudo and another account, I gave you what you need to be able to pass commands to the default admin shell (which happens to be /etc/rc.initial (the "text menu").

What's your idea with calling init 6 or similar crap when there's a script intended EXACTLY for rebooting the box??? Sigh.

rcampbell

Yeah you've definately missed it, and you seem quite hot headed about it.

This is an admin user as stated in the original post, I'm not trying to restart with a non-admin user.
Sudo is not a recognized command, to run 'su' the user needs to be in the 'wheel' group which they are not added to when creating the user through the pfSense Web UI.  The user must be created using pw useradd and added to the wheel group to be able to run su.

The command: init 6 (a graceful reboot) or 'similar crap' or the reboot script wasn't the actual problem… which you missed.

doktornotor

Argh.

1/ Install the sudo package as told! Hell… Read what people tell you.

@doktornotor:

Either use the sudo package to allow the account to run the above

2/ You also sure like hell were NOT trying as admin, since you explicitly told us that it "would not work".

@rcampbell:

Running as admin or root, brings up the text menu on ssh login so for a script to run that won't work.

So I gave you the patch so that it would work. And here we go again.

P.S. And if you actually read what's the /etc/rc.reboot doing, you'd see why NOT use init 6 or similar crap.

Done with you, dude. Extreme waste of time.

rcampbell

Why install packages and modify files when its not necessary?

Thanks for the tip on the existing reboot script though, I'll update my command :)

You know your help might be better recieved if you offered it with a touch of deocrum.  In each post of this thread you've given a derogatory comment, expression (rolling eyes) or just plain condecending.  This attitude probably accounts for your high number of smite points.

No one wants to receive help from someone being like that.  Something to reflect on for future posts.