Users

From securityrouter.org, an OpenBSD-based firewall

The system has multiple access levels for administrators (users). For VPN users, see the VPN server documentation. The users admin and root have implicit superuser access (see root access) unless overridden. Other users may be assigned to a specific login class.

Classes

Some login classes are included, and custom classes may be added with the capabilities available below. The built-in classes are:

| Class | Capabilities | Comment |
|---|---|---|
| default | | The standard class that all users have, making them standard administrators |
| superuser | x-superuser | Full system access, such as enabling root access |
| read-only | x-read-only | Prevent changes to the system |

A class is assigned to a user like this:

system {
  authentication {
    user "staff" {
      class "read-only"
    }
    ...

Capabilities

The following custom capabilities may be used when creating a new login class (added to /cfg/skel/login.conf as documented in the login.conf(5) manual).

| Name | Comment |
|---|---|
| x-superuser | Full system access, such as enabling root access |
| x-read-only | Prevent changes to the system |
| x-no-network | Prevent user from running network tools (such as ping) |

A capability is used in a class definition like this:

read-only:\
       :x-read-only:\
       :tc=default:
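
Because `tc=` pulls in another class's capabilities, the access a custom class grants is not always visible in its own entry. The script below is an added example, not securityrouter.org code: it resolves which of the x- capabilities listed on this page each class ends up with, assuming login.conf(5)-style resolution where the first definition of a name wins and `name@` cancels an inherited capability. The sample file and the `auditor` class are constructed for illustration.

```python
import re

X_CAPS = {"x-superuser", "x-read-only", "x-no-network"}  # names from this page

# Constructed sample; "auditor" is a hypothetical custom class.
SAMPLE = """\
default:\\
       :path=/usr/bin /bin:
superuser:\\
       :x-superuser:\\
       :tc=default:
read-only:\\
       :x-read-only:\\
       :tc=default:
auditor:\\
       :x-no-network:\\
       :tc=read-only:
"""

def parse(text):
    """Return {class name: [fields]} after joining backslash-continued lines."""
    classes = {}
    for line in re.sub(r"\\\n[ \t]*", "", text).splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        names, *fields = (f.strip() for f in line.split(":"))
        for name in names.split("|"):
            classes[name] = [f for f in fields if f]
    return classes

def effective(classes, name, seen=()):
    """x- capabilities of a class; the first definition of a name wins."""
    if name in seen:
        raise ValueError("tc= loop at " + name)
    state = {}
    for field in classes.get(name, []):
        if field.startswith("tc="):  # inherit from the referenced class
            for cap in effective(classes, field[3:], seen + (name,)):
                state.setdefault(cap, True)
        elif field.rstrip("@") in X_CAPS:  # "name@" cancels an inherited capability
            state.setdefault(field.rstrip("@"), not field.endswith("@"))
    return {cap for cap, on in state.items() if on}

def report(text):
    """Map every class in the file to its sorted effective x- capabilities."""
    classes = parse(text)
    return {name: sorted(effective(classes, name)) for name in classes}

if __name__ == "__main__":
    for name, caps in report(SAMPLE).items():
        print(f"{name:10} {', '.join(caps) or '(no x- capabilities)'}")
```

Running it against a copy of the login.conf file shows at a glance which classes carry `x-superuser` and which restrictions a class inherits rather than declares.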