Creating a user with sudo privileges on console but no web access

cpw · July 09, 2019, 06:24:04 PM

Hi
I want to create a user I can use to access the console (including sudo power to reboot etc), but which has no web access.

I have a root user, but that user has full access to the whole GUI. Thusly, since the web UI is accessible from everywhere, it has a nice crazy long password (120 characters or so), kept in a password db. Trivially, using that user on the console is not fun. I'd like a user that can have a short "secure" password, but has no web UI access.

I can't see a way to give it sudo console access without being a member of the admins group, which also gives it full UI access, thus presenting a glaring security hole (IMO).

Thoughts?

hbc · July 09, 2019, 09:53:27 PM

Why not restrict the web gui to certain ips? My opnsenses are just accessible via management network and from admin pcs.I
Maybe you have to disable the anti-lockout option and add your own access rule.

franco · July 09, 2019, 10:50:19 PM

Isn't that what https://github.com/opnsense/core/issues/3407 was all about? It did hit 19.1.8.

Cheers,
Franco

Creating a user with sudo privileges on console but no web access

cpw

July 09, 2019, 06:24:04 PM

hbc

July 09, 2019, 09:53:27 PM #1

franco

July 09, 2019, 10:50:19 PM #2