diff options
| author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-07-12 15:31:14 -0600 |
|---|---|---|
| committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-07-12 15:31:14 -0600 |
| commit | 3e251b12903ea709b908d1cba30fe61cadbe2da3 (patch) | |
| tree | 058ed247ef42f2e907614e2341b9d0b69e3d7d55 /etc/inc/auth.inc | |
| parent | 21f0f60de583cd02343e5e186d75b5f367de30be (diff) | |
| download | pfsense-3e251b12903ea709b908d1cba30fe61cadbe2da3.zip pfsense-3e251b12903ea709b908d1cba30fe61cadbe2da3.tar.gz | |
Add SSH tunneling privilege to list of available privileges.
Diffstat (limited to 'etc/inc/auth.inc')
| -rw-r--r-- | etc/inc/auth.inc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 33fc3ad..7da3057 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -287,12 +287,13 @@ function local_user_set(& $user) { $lock_account = false; /* configure shell type */ + /* Cases here should be ordered by most privileged to least privileged. */ if (userHasPrivilege($user, "user-shell-access") || userHasPrivilege($user, "page-all")) { $user_shell = "/bin/tcsh"; - } elseif (userHasPrivilege($user, "user-ssh-tunnel")) { - $user_shell = "/usr/local/sbin/ssh_tunnel_shell"; } elseif (userHasPrivilege($user, "user-copy-files")) { $user_shell = "/usr/local/bin/scponly"; + } elseif (userHasPrivilege($user, "user-ssh-tunnel")) { + $user_shell = "/usr/local/sbin/ssh_tunnel_shell"; } else { $user_shell = "/sbin/nologin"; $lock_account = true; |
