Web interface and sudo config

Samuel Mutel

Dabbler
Joined
Feb 21, 2020
Messages
21
Hello,

I am using FreeNAS 11.3. I have two questions about authentication:
* How to authorize a user to access to connect to the web user interface ?
* Is-it a way to be able to do sudo with simple user whithout typing his password ?

Thanks.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
1. You can't. The web UI is only accessable to the root user.
2. I don't know for FreeNAS, sorry.
 

Fredda

Guru
Joined
Jul 9, 2019
Messages
608
* Is-it a way to be able to do sudo with simple user whithout typing his password ?
There is no way to do that via the GUI. You'll need to hack the /conf/base/etc/local/sudoers file to achieve that.
(This will probably last till the next update of FreeNAS).
Or you create a post init task to modify the /usr/local/etc/sudoers file.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Isn't there a /usr/local/etc/sudoers.d directory? If there is, you can use a post-init task to add the necessary files there.
 

Fredda

Guru
Joined
Jul 9, 2019
Messages
608
There is, but it needs to be included via #includedir /usr/local/etc/sudoers.d directive from the /usr/local/etc/sudoers file,
which it is not by default.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Gnaaaa ...
 

Mastakilla

Patron
Joined
Jul 18, 2019
Messages
202
There is, but it needs to be included via #includedir /usr/local/etc/sudoers.d directive from the /usr/local/etc/sudoers file,
which it is not by default.
fyi:
  • adding #includedir /usr/local/etc/sudoers.d to /usr/local/etc/sudoers doesn't survive a reboot.
  • Actually even adding a file to /usr/local/etc/sudoers.d doesn't survive a reboot (it gets removed!)
I also don't understand how to modify /conf/base/etc/local/sudoers so that it would "auto-add" the include to /usr/local/etc/sudoers . Actually it already contains the below lines by default, but still the include is not added to /usr/local/etc/sudoers .
Code:
## Read drop-in files from /usr/local/etc/sudoers.d
@includedir /usr/local/etc/sudoers.d


But I guess that even if I manage to get it added, it still wouldn't survive a TrueNAS upgrade, so it actually isn't a valid solution for our problem...

So I guess I'll have to create a post init task to modify the /usr/local/etc/sudoers file. Thanks for that tip!

edit:
Following post init command seems to do the trick for me:
Code:
echo -e "\n# NOPASSWD sudo for username, added by post-init script\nusername ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers

Replace username by the user for which you'd like to to have NOPASSWD enabled

edit2:
I also found following rejected suggestion which claims that it was added to the GUI in TrueNAS12.0-U3+, but I could not find this in TrueNAS12.0-U4. I've asked for clarification...

edit:
Apparently it is there, but only by using the API, not in the GUI. I'm not sure how to do it using the API though, so if anyone knows, feel free to let us know :)
 
Last edited:
Top