Difference between revisions of "creating a new user on secureplatform via CLI"
Revision as of 17:18, 5 April 2014
The following instructions are performed using the admin account in expert mode. We will create a regular user account with restricted privileges in cpshell. The user gains full expert access by entering expert mode. It is possible to have a regular user with a bash shell, but Check Point makes a mess of file and directory permissions, mangles shell environments, etc., which makes creating such a user more work. That won't be covered here.
fix /etc/profile permissions
Check Point screws up the permissions on /etc/profile in SPLAT. In Gaia, it appears to be fixed. Regular users should have read access. Check the permissions on /etc/profile; if users don't have read access, set it with chmod.
[Expert@chkpfw1]# chmod 644 /etc/profile
creating the user account
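Create the user account with the standard Linux useradd command. Note that -o -u 0 gives the account the non-unique UID 0 (the same UID as root), -G wheel adds it to the wheel group, and -s /bin/cpshell sets cpshell as the login shell.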
[Expert@chkpfw]# useradd -d /home/jsmith -s /bin/cpshell -o -u 0 -G wheel -m jsmith
Set the user password:
[Expert@chkpfw]# /usr/bin/passwd jsmith
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
*** note *** The full path is required in the above command because Check Point aliases passwd to:
alias passwd='/bin/expert_passwd'
If you don't run the passwd binary by its full path, you most likely won't be setting the user password but the expert password, which is actually the password for the root account.
Example of the incorrect way to reset a user password from the root (Expert) account:
[Expert@chkpfw]# passwd jsmith
Enter new expert password: <<< if you see this prompt you messed up!
test new user account access
Test the account by connecting to the SPLAT device via ssh. After a successful login, execute the "expert" command to gain full privileges.
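A scripted pre-check to run before the ssh test, as an added example that is not part of the original wiki page: it confirms the passwd entry created by useradd, lists every account sharing UID 0 (which -o -u 0 makes non-unique), and checks that /etc/profile is readable by regular users. The function names and the sample passwd data are constructed for illustration; on a device the functions would be pointed at /etc/passwd and /etc/profile.

```shell
#!/bin/bash
# Added example: post-creation checks for the account built above.
# File paths are parameters so the checks can run against copies.

# Print the names of all accounts whose UID is 0 (field 3 of passwd).
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Succeed only if USER exists in the passwd file with the expected
# login shell (field 7) and home directory (field 6).
check_account() {   # usage: check_account PASSWD_FILE USER SHELL HOME
    awk -F: -v u="$2" -v s="$3" -v h="$4" '
        $1 == u { found = 1; ok = ($7 == s && $6 == h) }
        END { exit !(found && ok) }' "$1"
}

# Succeed if "others" have read permission on FILE (what chmod 644 grants).
# Reads the mode string from ls so the result is the same when run as root.
world_readable() {
    [ -e "$1" ] && [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# --- constructed sample data, not taken from a real device ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:0:0::/home/admin:/bin/cpshell
jsmith:x:0:0::/home/jsmith:/bin/cpshell
ntp:x:38:38::/etc/ntp:/sbin/nologin
EOF
touch "$demo/profile"
chmod 600 "$demo/profile"     # the broken permission state described above

check_account "$demo/passwd" jsmith /bin/cpshell /home/jsmith \
    && echo "jsmith: shell and home as expected"
echo "accounts sharing UID 0: $(uid0_accounts "$demo/passwd" | tr '\n' ' ')"
world_readable "$demo/profile" || echo "profile not readable by regular users"
chmod 644 "$demo/profile"
world_readable "$demo/profile" && echo "profile readable after chmod 644"
```

Reviewing the UID 0 list periodically shows which accounts log in with root's UID, since each of them appears with UID 0 in file ownership and process listings.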
troubleshooting
If login failures occur, examine /var/log/secure and /var/log/auth files for error messages.