Creating a new user on Gaia via CLI



switch to clish shell

If you aren't there already or are at the expert prompt, just type...
[Expert@myfirewall]# clish
myfirewall>
Clish will give you the > prompt

add user

> add user jsmith uid 0 homedir /home/jsmith
(where jsmith should be replaced with your username)

set optional parameters

> set user jsmith realname 'john smith' shell /bin/bash gid 100

set password

> set user jsmith password

set roles

> add rba user jsmith roles adminRole

set access

> add rba user jsmith access-mechanisms Web-UI,CLI

I don't like setting the user to the root UID, but this is how you get an account with root access. When adding via the web interfaces, it does the same thing. I think Check Point made a mess of the auth permissions as they have in the past. Without setting the root UID above, a user can't run fw commands like "fw stat" and you get an error upon login.
Example login error:
/opt/CPshrd-R75.40/tmp/.CPprofile.sh: line 96: /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh: Permission denied
# ls -l /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh
-rwxrwx--- 1 admin bin 82 Apr  4  2012 /opt/CPcvpn-R75.40/scripts/CVPNprofile.sh
The users group needs to be added to the /etc/ssh/sshd_config "AllowGroups" line. All Check Point allows there is the root group. Go figure. Sounds insecure to me.

When adding via the WebUI:
# cat /etc/passwd|grep jsmith
jsmith:x:0:100:john smith:/home/jsmith:/bin/bash
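
Since an account created this way shares UID 0 with root, it helps to be able to list such accounts. The script below is an added example, not part of the original post: it reports every UID 0 account outside an allowlist (root and admin by default, an assumption) and whether its primary group is named on an sshd_config AllowGroups line. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added audit example (not from the original post). Sample files are constructed.

# uid0_accounts PASSWD [ALLOWLIST]: print "name gid shell" for every UID-0
# account not in the comma-separated allowlist (default is an assumption).
uid0_accounts() {
    awk -F: -v allow="${2:-root,admin}" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        $3 ~ /^0+$/ && !($1 in ok) { print $1, $4, $7 }
    ' "$1"
}

# group_name GID GROUPFILE: resolve a numeric GID to its group name.
group_name() { awk -F: -v gid="$1" '$3 == gid { print $1; exit }' "$2"; }

# ssh_group_allowed GROUP SSHD_CONFIG: succeed if there is no AllowGroups line
# or GROUP is listed by exact name (patterns, supplementary groups not handled).
ssh_group_allowed() {
    awk -v g="$1" '
        tolower($1) == "allowgroups" { seen = 1; for (i = 2; i <= NF; i++) if ($i == g) hit = 1 }
        END { exit ((seen && !hit) ? 1 : 0) }
    ' "$2"
}

# audit PASSWD GROUPFILE SSHD_CONFIG: one report line per extra UID-0 account.
audit() {
    uid0_accounts "$1" | while read -r name gid shell; do
        grp=$(group_name "$gid" "$2")
        if ssh_group_allowed "${grp:-?}" "$3"; then ssh=yes; else ssh=no; fi
        echo "$name uid=0 group=${grp:-$gid} shell=$shell ssh=$ssh"
    done
}

# Constructed sample data mirroring the passwd entry shown in the post.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:0:0:Admin:/home/admin:/etc/cli.sh
jsmith:x:0:100:john smith:/home/jsmith:/bin/bash
monitor:x:102:100:Monitor:/home/monitor:/etc/cli.sh
EOF
printf 'root:x:0:\nusers:x:100:\n' > "$demo/group"
printf 'AllowGroups root\n' > "$demo/sshd_config"
audit "$demo/passwd" "$demo/group" "$demo/sshd_config"
```

On a live system the three arguments would be /etc/passwd, /etc/group and /etc/ssh/sshd_config, run from the expert shell.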
