Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"sh: /conf/pfatt/bin/pfatt.sh: Permission denied" on pfSense 2.6 w/ ZFS #81

Open
MazuMoon opened this issue Apr 6, 2023 · 4 comments
Open

Comments

@MazuMoon
Copy link

MazuMoon commented Apr 6, 2023

Not sure if this is an issue, or just something I’m doing wrong. I’m fairly new to pfSense and a lot of this is over my head.

I installed pfSense 2.6 on a Protectli Vault and selected ZFS for the filesystem. I followed the bridge method instructions from the supplicant branch, but couldn’t get it working, so I tried the master branch, and it worked fine. Then I decided try the supplicant method with certificates.

During bootup, I kept getting:

sh: /conf/pfatt/bin/pfatt.sh: Permission denied

My file permissions, showed:

-rwxr-xr-x 1 root wheel 9194 Apr 5 14:18 pfatt.sh

Since I couldn’t get it working, I moved pfatt.sh to /root/bin and left the certs in /conf/pfatt/wpa. I rebooted and everything worked as expected.

There’s a Netgate forum post (see Apr 26, 2022, 6:03PM & Jul 21, 2022, 4:24 PM) which discusses a similar permissions issue. They mention /conf being locked down and a Netgate admin says to use /root instead. That led me to try mount -p, which shows:

pfSense/cf/conf /cf/conf zfs rw,noexec,nosuid,noatime,nfsv4acls 0

I’m assuming noexec on the pfSense/cf/conf line means pfatt.sh can’t run in the /conf directory. Does this sound correct? If so, any issue with leaving pfatt.sh in /root/bin? Thanks.

@owenthewizard
Copy link
Contributor

I’m assuming noexec on the pfSense/cf/conf line means pfatt.sh can’t run in the /conf directory.

Correct

If so, any issue with leaving pfatt.sh in /root/bin?

No issue, just make sure you have the correct path(s) when calling the script, certificates, etc.

@gpz1100
Copy link

gpz1100 commented Apr 6, 2023

Is there a particular reason why /conf was chosen as the folder for the pfatt.* scripts in the first place? I recall this being used way back - 3+ years ago when the script first came about.

@MazuMoon
Copy link
Author

MazuMoon commented Apr 7, 2023

No issue, just make sure you have the correct path(s) when calling the script, certificates, etc.

Thanks!

@owenthewizard
Copy link
Contributor

Is there a particular reason why /conf was chosen as the folder for the pfatt.* scripts in the first place?

To be honest I'm not familiar enough with pfSense to know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants