Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to give access to a user to view realtime of squid3

    Scheduled Pinned Locked Moved Cache/Proxy
    5 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ashima LAYER 8
      last edited by

      Hello everyone,

      I have to  allow a user to login to pfsense box and view only the reports generated by sarg and view RealTime tab of squid3 package.

      My setup

      pfsense 2.2.3 with squid, squidguard and sarg.

      I have created a user manager under the group groupmanager. I have given following rights to it

      webcfg-Packages: setting page
      webcfg-Package: setting page
      webcfg-Packages: edit page

      with these rights he is able to see these packages when he logs on to pfsense box as manager but the Realtime tab of squid3 and ViewReport  tab of sarg  is missing.

      What other rights do I have to enable in UserManager  so that he is able to view the reports.

      I am ofcourse able to view reports when I login as admin.

      Thank you
      with regards,
      Ashima

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        There are no ACLs defined anywhere in any of these packages. Won't work unless you add such feature to packages (edit the PHP files, include /usr/local/www/guiconfig.inc and add the proper section there).

        The ones you mentioned are for the package manager GUI itself, when you look e.g. at /usr/local/www/pkg_edit.php

        
##|+PRIV
##|*IDENT=page-package-edit
##|*NAME=Package: Edit page
##|*DESCR=Allow access to the 'Package: Edit' page.
##|*MATCH=pkg_edit.php*
##|-PRIV

        P.S. No, there's absolutely no documentation for these ACLs. Don't ask me how to add it somewhere.

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          You can create a priv file in the folder:  /etc/inc/priv

          Here are a couple sample formats:

          https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.priv.inc

          https://github.com/pfsense/pfsense-packages/blob/master/config/snort/snort.priv.inc

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            @BBcan177:

            You can create a priv file in the folder:  /etc/inc/priv

            Here are a couple sample formats:

            https://github.com/pfsense/pfsense-packages/blob/master/config/pfblockerng/pfblockerng.priv.inc

            https://github.com/pfsense/pfsense-packages/blob/master/config/snort/snort.priv.inc

            This looks good, guess I could do some mass pull request for the packages. This is now done for Squid3.

            Regarding the OP: Sorry, but the ACL is all or nothing, seriously don't have time to do any granular permissions here. You can recycle the file (grab it here) to allow only what's needed for real time (likely just squid_monitor.php and squid_monitor_data.php).

            1 Reply Last reply Reply Quote 0
            • A
              ashima LAYER 8
              last edited by

              I can't thank enough…. you guys are too prompt. Thanks to BBCan and doktornotor for the pointer.

              This is what I did :-    copied the file to /etc/inc/priv/squid3.priv.inc.

              Gave access rights  to webcfg:squid3 to user manager

              It worked :)

              A special thanks to doktornotor as he comes to rescue whenever I am struck.

              with warm regards,
              Ashima

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.