Netgate is offering COVID-19 aid for pfSense software users, learn more.
The sudo package configures basic rules for allowing unprivileged shell users (read: anyone but root/admin) to run commands as root or another user/group.
Once the package is installed, use the pfSense® webGUI to navigate to System > sudo, and define commands and who may run them.
More information on the full command options may be found in the sudoers manual.
By default the command is
ALL meaning the user can run any commands. Leaving
the commands field blank assumes
ALL. A comma-separated list of commands can
be supplied to limit the user to individual binaries. Full paths to binaries
must be used.
For example, to let
ping commands only as
root without a
Run As: User:
No Password: checked
To let anyone in the admins group run all commands as any user, but prompted for a password, set:
Run As: User: ALL Users
No Password: Unchecked
Multiple commands may be specified in a comma-separated list. If parameters are
specified after a command, they will be required. To disallow running a command
with parameters, add
"" after the command.
Run ping with any parameters:
Run ping only to
blahwithout any parameters:
Run ping and traceroute and their IPv6 variants with any parameters:
/sbin/ping, /sbin/ping6, /usr/sbin/traceroute, /usr/sbin/traceroute6
You can find a list of known issues with this package on the pfSense bug tracker.