Bug #10781
closedIncorrect env variables if admin user logged in via ssh
100%
Description
How to reproduce:
1. ssh in as admin@
2. menu entries 16/11
after that running 'echo <any_command> | su -m <anyuser>' on the Diagnostics / Command Prompt page shows /etc/rc.initial menu:
pfSense - Netgate Device ID: XXX *** Welcome to 2.4.5-RELEASE-p1 (amd64) on pf4 *** WAN (wan) -> vtnet1 -> v4/DHCP4: 192.168.1.100/24 LAN (lan) -> vtnet0 -> v4: 192.168.2.4/24 OPT1 (opt1) -> vtnet2 -> v4: 172.16.3.6/24 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell pfSense - Netgate Device ID: XXX *** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pf4 *** WAN (wan) -> vtnet1 -> v4/DHCP4: 192.168.1.100/24 LAN (lan) -> vtnet0 -> v4: 192.168.2.4/24 OPT1 (opt1) -> vtnet2 -> v4: 172.16.3.6/24 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell kill: 2121: Operation not permitted
It seems that $SSH_TTY from admin@ ssh session is used in https://github.com/pfsense/pfsense/blob/master/src/etc/skel/dot.profile
This causes DNS Resolver restart service issue https://forum.netgate.com/topic/154721/dns-resolver-issue-since-2-4-5-p1-upgrade-from-2-4-4-p3:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors: /var/unbound/test/unbound_server.pem: No such file or directory [1592837331] unbound-checkconf[8845:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist
as it uses 'su -m' command: https://github.com/pfsense/pfsense/blob/ba6398892350503d60ca324d4738dcf16f5d5c8e/src/etc/inc/unbound.inc#L629
How to resolve:
1. ssh in as root@
2. menu entries 16/11
same issue on 2.5.0.a.20200721.0050
Updated by Viktor Gurov about 4 years ago
- Category changed from Web Interface to DNS Resolver
Updated by Viktor Gurov about 4 years ago
Updated by Jim Pingle about 4 years ago
- Status changed from New to Pull Request Review
- Target version set to 2.5.0
Updated by Renato Botelho about 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Max Leighton about 4 years ago
- Status changed from Feedback to Resolved
When replicating the behavior in 2.4.5_1 I was also seeing this error when making changes to the DNS Resolver:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/root.key: No such file or directory
[1600096422] unbound-checkconf[92233:0] fatal error: auto-trust-anchor-file: "/var/unbound/test/root.key" does not exist in chrootdir /var/unbound
Tested in:
2.5.0-DEVELOPMENT (amd64)
built on Mon Sep 14 07:02:16 EDT 2020
FreeBSD 12.2-PRERELEASE
And confirmed this is no longer an issue. Resolving the ticket.