Cannot shutdown FreeNAS PC from Windows PC via SSH as normal user

Status
Not open for further replies.

Deepak Agarwal

Explorer
Joined
Dec 6, 2013
Messages
61
Hi Everybody

I have been able to connect to my FreeNAS PC from Windows 7 PC using SSH through PuTTy. I am able to login - no problems. My intent is that this user should be able to shutdown/reboot my FreeNAS PC having logged in from my Windows PC. I have created this user in FreeNAS PC with full access.

I did create the 'shutdown.allow' file in the /etc folder with this user's username as the only entry in it.

When I give this command at my PuTTy terminal, it comes up with 'Permission Denied' error? Shouldn't it now already have the rights to do it? What else do I need to change in the settings to achieve this?


P.S. It seems this file /etc/shutdown.allow gets deleted when it's rebooted from the web client. Is there a way to retain this file with the contents permanently?


Best regards


Deepak
 
dlavigne

Guest
shutdown.allow is for Linux systems, not FreeBSD, so that won't help.

However, you can give the user account sudo access (there is a checkbox for this in 9.2 user account screen) and have them use sudo to shutdown the system. Alternately, add them to the wheel group and have them su before running the shutdown command.
 

Deepak Agarwal

Hi dlavigne


Thanks for your response.

No wonder it wasn't working. At least now I know. I am pretty new to all this and hence I don't want to upgrade my installation from 9.1.1 to 9.2. I am happy with what I have as it works for what I want it to do!

Now, when I created this user called 'anyone', it also created a group called 'anyone' - I don't know how that helps but that's how it is!

If I were to add a line like :-

"anyone ALL=(ALL) NOPASSWD: ALL"

in the 'sudoers' file, save the file, and then enter the command 'sudo shutdown -h now' (to shutdown) or 'sudo shutdown -r now' (to reboot) on my Windows PC (PuTTy interface), that should work, you reckon!

As a next step, is there a way to run the above command via a batch file from my windows PC, that is, to start PuTTy on Windows terminal and then execute the above command to shutdown the FreeNAS PC?


Best regards



Deepak
 

Neil Whitworth

Dabbler
Joined
Nov 14, 2013
Messages
30
> As a next step, is there a way to run the above command via a batch file from my windows PC, that is, to start PuTTy on Windows terminal and then execute the above command to shutdown the FreeNAS PC?

Yes, there is a tool called plink as part of the PuTTy suite that can do this. Note you may be prompted for your password once to connect, and once for sudo.
 

Deepak Agarwal

Hi Everyone

I edited my /usr/local/sudoers file and added these 2 lines therein :-

anyone ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL

I saved the file by typing the command :w!

I then added the user 'anyone' to the wheel group.

I was then able to run the command on my PuTTY terminal
sudo shutdown -r now

and it shutdown and rebooted the FreeNAS PC - that was good but I then had a look at this /usr/local/sudoers file again and my modified file was replaced with the original file with the following contents

# Let find_alias_for_smtplib.py runs as root (it needs database access)
ALL ALL=(ALL) NOPASSWD: /etc/find_alias_for_smtplib.py

Is there a way to save this file with my alterations so that it is not replaced by the original file?



Best regards


Deepak
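
A least-privilege take on the sudoers lines discussed in this thread, as an added example that is not part of any post: the script flags rules that grant every command without a password and prints a rule limited to shutdown. The `/sbin/shutdown` path (FreeBSD's location) and the function names are assumptions of the example; the sample file is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sudoers file for blanket grants.

# audit_sudoers FILE: print "LINE: rule" for every rule whose command list is
# exactly "NOPASSWD: ALL", i.e. any command as the runas user with no password.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            spec = $0
            sub(/^[^=]*=/, "", spec)            # drop "user host ="
            sub(/^[ \t]*\([^)]*\)/, "", spec)   # drop the "(runas)" list
            gsub(/[ \t]/, "", spec)
            if (spec == "NOPASSWD:ALL") print NR ": " $0
        }
    ' "$1"
}

# shutdown_rule USER: print a rule that allows only halt and reboot.
# Assumption: /sbin/shutdown is the binary path. When arguments are listed in
# sudoers, sudo permits the command only with exactly those arguments.
shutdown_rule() {
    printf '%s ALL=(root) NOPASSWD: /sbin/shutdown -h now, /sbin/shutdown -r now\n' "$1"
}

# Constructed sample: the stock rule quoted in the thread plus the two added lines.
write_sample() {
    cat > "$1" <<'EOF'
# Let find_alias_for_smtplib.py runs as root (it needs database access)
ALL ALL=(ALL) NOPASSWD: /etc/find_alias_for_smtplib.py
anyone ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "Blanket grants found:"
audit_sudoers "$sample"
echo "Narrower replacement:"
shutdown_rule anyone
rm -f "$sample"
```

`visudo -c -f <file>` checks a sudoers file for syntax errors without editing it, which is useful before rebooting onto a hand-edited copy.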
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Yes..

mount -uw /
make your changes
mount -ur /

Keep in mind if you update FreeNAS you'll have to do this all over again.
 

Deepak Agarwal

what does this do - can't find any help of this except that this is used for mounting/unmounting disks! Anywhere I can do some reading on that please?


Deepak
 

cyberjock

The FAQ tells you what it does (as well as this command).

The USB drive is mounted read-only for drive longevity. So those commands mount it writeable, then make it read-only again.
 

Deepak Agarwal

Hi Cyberjock

Yep, saw that! Also learned how to save a copy of the config file just in case something goes wrong with the USB stick - which I will do now!

So, on the shell (console) I just need to execute the following commands in sequence as follows :-

1. mount -uw /
2. visudo -> make changes as shown in my earlier messages save the file
3. mount -ur /

and this time around my modifications to the sudoers file should be retained, yeah!




Deepak
 

Dusan

Guru
Joined
Jan 29, 2013
Messages
1,165
You should not be modifying sudoers directly. FreeNAS 9.2.0 has sudoers support in the GUI -- there is the "Permit Sudo" checkbox on the Add/Edit User form: http://doc.freenas.org/index.php/Users
EDIT: Also, sudoers is actually in /etc/local and not /usr/local so mount -rw won't help you as /etc is always writable (it is a ramdisk). The file is generated by the ix-sudoers script based on the settings in the GUI.
 

cyberjock

Whoa.. good catch Dusan. Do what he recommends. If the WebGUI supports the feature you should always use it. :P
 

Dusan

dlavigne already mentioned it in the second post (#2), but it somehow got ignored.
 

Deepak Agarwal

Hi

I am not keen to upgrade to 9.2. As I indicated in my earlier post I am happy and comfortable using 9.1.1 and this option is not available in 9.1.1. It took a while to get it going and it's working for me!

Whilst it might be less than ideal to not modify the sudoers file directly when options to do so are available in WebGUI, this is not the case in the version that I have installed and I would like to keep the version that I have. In that event could any of you advise of a way to save the modifications to the sudoers file? Further, it appears that there is a sudoers file in both locations viz /etc/local and in /usr/local/etc - which is the one that needs to be modified?

Best regards


Deepak
 

Dusan

> Whilst it might be less than ideal to not modify the sudoers file directly when options to do so are available in WebGUI, this is not the case in the version that I have installed and I would like to keep the version that I have. In that event could any of you advise of a way to save the modifications to the sudoers file? Further, it appears that there is a sudoers file in both locations viz /etc/local and in /usr/local/etc - which is the one that needs to be modified?

/usr/local/etc is a symlink to /etc so it is the same thing. The file you actually need to modify to make the change permanent is /conf/base/etc/local/sudoers. Run "mountrw /" first to make the root filesystem writable, reboot after you do the change.
 

Deepak Agarwal

Hi Dusan

The command that you have asked me to run first - is it 'mountrw' or as cyberjock had suggested - 'mount -uw'

> The file you actually need to modify to make the change permanent is /conf/base/etc/local/sudoers.

If the file that I need to make changes to is located here :- '/conf/base/etc/local/', does the visudo command, by default, not change the sudoers file located there? I thought that was what the visudo command was supposed to do - I have read at so many places that for unix/linux systems that I must make changes to the sudoers file only using the visudo command, but from what you have just indicated it appears that that might only apply to unix/linux systems and not to FreeBSD system such as FreeNAS.

But anyhow, so if I were to make changes to the sudoers file located in the '/conf/base/etc/local/ folder (after of course running the command to make the root file system writeable) using vi editor (and using the visudo command), will my changes be persistent after reboot?


Best regards


Deepak
 

Dusan

> The command that you have asked me to run first - is it 'mountrw' or as cyberjock had suggested - 'mount -uw'

mountrw is an alias in the FreeNAS csh. It expands to "mountrw -o noatime -rw". Using -o noatime is a good idea as we want to minimize writes to the USB stick and this option will prevent the OS from updating access times of every file you touch.

> If the file that I need to make changes to is located here :- '/conf/base/etc/local/', does the visudo command, by default, not change the sudoers file located there?

It does not. It changes the file in /etc. However, /etc is a ramdisk and will disappear on shutdown. It will be recreated from /conf/base/etc on the next boot.

> But anyhow, so if I were to make changes to the sudoers file located in the '/conf/base/etc/local/ folder (after of course running the command to make the root file system writeable) using vi editor (and using the visudo command), will my changes be persistent after reboot?

Yes, but use vi or nano. visudo will not change the proper file.

However, if you need such detailed instructions you should upgrade to FreeNAS 9.2.0. It is just one click in the FreeNAS 9.2.0 GUI.
 

Deepak Agarwal

Hi Dusan


I genuinely appreciated your assistance. Thanks a lot for your advice.

The reason I am so reluctant to tamper with a system that is working for me is that I am just too new and too raw for something like this! Whilst I do try to understand, this is not trivial stuff and it took me a while to get this system working for me and I am just too scared to change it for fear of stuffing it up again! Hence, this more than cautious approach. When I do get a trifle more comfortable working with it, then I might start to try out things!

> mountrw is an alias in the FreeNAS csh. It expands to "mountrw -o noatime -rw".

One thing though on that, did you mean that the alias would expand to the command 'mount -o noatime -rw' - I didn't find mountrw but did find the command mount with an option of -o noatime -rw! This is just for my academic information.

Will do exactly as you suggested - I am just reiterating the steps for my own comfort :-
1. run mountrw from shell
2. make changes to the sudoers file located in the '/conf/base/etc/local/' folder using vi
3. run mount -ur


Out of interest, how involved is the process to upgrade from 9.1.1 to 9.2 anyway? Does it need recreating the volumes, recreating shares, reloading content files etc etc?



Best regards


Deepak
 

Dusan

> The reason I am so reluctant to tamper with a system that is working for me is that I am just too new and too raw for something like this!

Doing changes to the read-only parts of FreeNAS is not tampering? I think there is a bigger risk that you break something by messing with the FreeNAS root filesystem than by upgrading to the new version.

> Out of interest, how involved is the process to upgrade from 9.1.1 to 9.2 anyway? Does it need recreating the volumes, recreating shares, reloading content files etc etc?

It's easy, read the documentation: http://doc.freenas.org/index.php/Upgrading_FreeNAS
If you perform the upgrade procedure per manual you don't need to recreate/reconfigure anything and you can always revert to the previous version.
 

Deepak Agarwal

Hi Dusan


The following 3 steps :-
1. run 'mount -o noatime -rw' ('mountrw') or 'mount -ur /' from shell
2. make changes to the sudoers file located in the '/conf/base/etc/local/' folder using vi from shell
3. run 'mount -ur /' from shell

are good to go, yeah?

Based on what I read up on the documentation, it doesn't look too daunting. Do I need to upgrade the pool upgrade or that is the continuation of the bit for the case when something has gone wrong?


Hopefully, wouldn't trouble you after this!



Best regards


Deepak
 

cyberjock

> The reason I am so reluctant to tamper with a system that is working for me is that I am just too new and too raw for something like this! Whilst I do try to understand, this is not trivial stuff and it took me a while to get this system working for me and I am just too scared to change it for fear of stuffing it up again! Hence, this more than cautious approach. When I do get a trifle more comfortable working with it, then I might start to try out things!

I don't think you've done good risk assessment. Playing with the raw FreeNAS files is far more dangerous than the FreeNAS upgrade.

If you check out the FreeNAS "Frequently asked questions" the commands I listed are there. That's been the recommended method since FreeNAS' FAQ was first written. So I say "why toy with what works?"
 