Regression #15992
closed
PHP Shell Permission Issue for User After Upgrade from 23.03 to 23.11
0%
Description
Hi
Description:
After upgrading from pfSense version 23.04 to 24.11, I encountered an issue where the nagios user, which is part of the admins group, is unable to execute certain commands as expected.
Steps to Reproduce:
In version 23.04, run the following commands:
[24.03-RELEASE][root@OpenVPN-RM-01.localdomain]/root: su nagios
[24.03-RELEASE][nagios@OpenVPN-RM-01.localdomain]/root: /usr/local/sbin/pfSsh.php playback svc status openvpn server 1
Service openvpn is running.
After upgrading to version 24.11, repeat the same commands:
[24.11-RELEASE][root@OpenVPN-NAB-02.localdomain]/root: su nagios
[24.11-RELEASE][nagios@OpenVPN-NAB-02.localdomain]/root: /usr/local/sbin/pfSsh.php playback svc status openvpn server 1
pkill: signalling pid 92034: Operation not permitted
pkill: signalling pid 13626: Operation not permitted
pkill: signalling pid 72460: Operation not permitted
pkill: signalling pid 43433: Operation not permitted
pkill: signalling pid 59628: Operation not permitted
pkill: signalling pid 59628: Operation not permitted
Service openvpn is stopped.
Impact:
The nagios user can no longer perform actions on pfSsh.php, it was able to prior to the upgrade, indicating a potential regression in permission handling for users in the admins group.
Request:
Please investigate and resolve this regression to restore expected functionality for users in the admins group.
Updated by Jim Pingle 8 months ago
- Status changed from New to Rejected
That has never been intended to work, it should only work as root/admin. It may have worked in certain cases by luck, but this is not a regression or bug.
Use the sudo package to grant that user permission to run the command instead.