Difference between revisions of "creating a new user on Gaia via CLI"

From cpwiki.net
Check Point Profressional Services
(set uid to root)
Line 21: Line 21:
  
 
  /opt/CPshrd-R75.40/tmp/.CPprofile.sh: line 96: /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh: Permission denied
 
  /opt/CPshrd-R75.40/tmp/.CPprofile.sh: line 96: /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh: Permission denied
 +
 +
# ls -l /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh
 +
-rwxrwx--- 1 admin bin 82 Apr  4  2012 /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh
 +
 +
I will investigate adding the users to the bin group.  Also, I will add them to the users group.  The users group needs to be added to /etc/ssh/sshd_config "AllowedGroups" line.  All check point allows there is the root group.  Go figure.  Sounds insecure to me.
 +
  
 
   
 
   
  
 
[[category:gaia]]
 
[[category:gaia]]
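
Review bot: the added paragraph writes the sshd_config keyword as "AllowedGroups", but OpenSSH spells it AllowGroups, so a reader searching the file for the quoted name will not find the line; suggest quoting it as "AllowGroups". The added ls -l output (-rwxrwx--- admin bin) would also benefit from one sentence stating that only the owner and the bin group can read the script, since that is what ties the Permission denied error to the bin-group idea in the paragraph that follows.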

Revision as of 19:12, 30 January 2014

In the commands below, replace jsmith with your username.


add user

> add user jsmith uid 1005 homedir /home/jsmith

set parameters

> set user jsmith password

set roles

> add rba user jsmith roles adminRole

set access

> add rba user jsmith access-mechanisms Web-UI,CLI

set uid to root

# set user jsmith uid 0

I don't like setting the user to the root UID. I think Check Point made a mess of the auth permissions as they have in the past. Without setting the root uid above, a user can't run fw commands like "fw stat".

error:

/opt/CPshrd-R75.40/tmp/.CPprofile.sh: line 96: /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh: Permission denied
# ls -l /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh
-rwxrwx--- 1 admin bin 82 Apr  4  2012 /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh

I will investigate adding the users to the bin group. Also, I will add them to the users group. The users group needs to be added to /etc/ssh/sshd_config "AllowedGroups" line. All Check Point allows there is the root group. Go figure. Sounds insecure to me.
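
A check for the state this page describes, as an added example that is not part of the original wiki page: it lists accounts that share UID 0 with root, works out which permission bits apply to a user from the `ls -l` columns shown above, and reads the groups on sshd's `AllowGroups` line (the spelling OpenSSH uses). The function names, the jdoe account and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All sample data is constructed.

# Accounts in a passwd-format file that have UID 0 but are not "root".
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Permission triplet (e.g. "rwx" or "---") that applies to a user, given the
# mode/owner/group columns of `ls -l`. UID 0 bypasses this check, which is
# why the uid 0 workaround makes the error disappear.
effective_bits() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4
    elif printf ' %s ' "$user_groups" | grep -qF -- " $group "; then
        printf '%s\n' "$mode" | cut -c5-7
    else
        printf '%s\n' "$mode" | cut -c8-10
    fi
}

# Groups named on AllowGroups lines of an sshd_config-format file.
ssh_allowed_groups() {
    awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Write constructed sample files into directory $1 (jdoe is hypothetical).
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'jsmith:x:0:100::/home/jsmith:/bin/bash' \
        'jdoe:x:1006:100::/home/jdoe:/bin/bash' > "$1/passwd"
    printf '%s\n' '# constructed sample' 'AllowGroups root' > "$1/sshd_config"
}

d=$(mktemp -d) && make_samples "$d"
echo "UID 0 besides root:       $(uid0_accounts "$d/passwd" | tr '\n' ' ')"
echo "jsmith, group users only: $(effective_bits -rwxrwx--- admin bin jsmith 'users')"
echo "jsmith, also in bin:      $(effective_bits -rwxrwx--- admin bin jsmith 'users bin')"
echo "SSH AllowGroups:          $(ssh_allowed_groups "$d/sshd_config" | tr '\n' ' ')"
rm -rf "$d"
```

On a live system, point `uid0_accounts` at /etc/passwd and `ssh_allowed_groups` at /etc/ssh/sshd_config instead of the sample files.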