Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Creating a user with sudo privileges on console but no web access
« previous
next »
Print
Pages: [
1
]
Author
Topic: Creating a user with sudo privileges on console but no web access (Read 4612 times)
cpw
Jr. Member
Posts: 71
Karma: 4
Creating a user with sudo privileges on console but no web access
«
on:
July 09, 2019, 06:24:04 pm »
Hi
I want to create a user I can use to access the console (including sudo power to reboot etc), but which has no web access.
I have a root user, but that user has full access to the whole GUI. Thusly, since the web UI is accessible from everywhere, it has a nice crazy long password (120 characters or so), kept in a password db. Trivially, using that user on the console is
not fun
. I'd like a user that can have a short "secure" password, but has no web UI access.
I can't see a way to give it sudo console access without being a member of the admins group, which also gives it full UI access, thus presenting a glaring security hole (IMO).
Thoughts?
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: Creating a user with sudo privileges on console but no web access
«
Reply #1 on:
July 09, 2019, 09:53:27 pm »
Why not restrict the web gui to certain ips? My opnsenses are just accessible via management network and from admin pcs.I
Maybe you have to disable the anti-lockout option and add your own access rule.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Creating a user with sudo privileges on console but no web access
«
Reply #2 on:
July 09, 2019, 10:50:19 pm »
Isn't that what
https://github.com/opnsense/core/issues/3407
was all about? It did hit 19.1.8.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Creating a user with sudo privileges on console but no web access