easyrule Fatal Error for non-root user in admins group but not root user
-
When I attempt to add rules via easyrule with one particular user I get a Fatal Error message and with root I get success.
Expected Behavior as "rba" user:
easyrule block lan 192.168.1.72
...adds a block in the LAN zone for 192.168.1.72:
Block added successfully
Observed Behavior:
easyrule block lan 192.168.1.72
...produces the error...
Fatal error: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /etc/inc/config.lib.inc:1056
Stack trace:
#0 /etc/inc/config.lib.inc(1056): fwrite(false, 'a:31:{i:1767192...')
#1 /etc/inc/config.lib.inc(660): backup_config()
#2 /etc/inc/easyrule.inc(294): write_config('Blocked 192.168...')
#3 /etc/inc/easyrule.inc(386): easyrule_block_host_add('192.168.1.72', 'lan')
#4 /usr/local/bin/easyrule(34): easyrule_parse_block('lan', '192.168.1.72')
#5 {main}
thrown in /etc/inc/config.lib.inc on line 1056
PHP ERROR: Type: 1, File: /etc/inc/config.lib.inc, Line: 1056, Message: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /etc/inc/config.lib.inc:1056
Stack trace:
#0 /etc/inc/config.lib.inc(1056): fwrite(false, 'a:31:{i:1767192...')
#1 /etc/inc/config.lib.inc(660): backup_config()
#2 /etc/inc/easyrule.inc(294): write_config('Blocked 192.168...')
#3 /etc/inc/easyrule.inc(386): easyrule_block_host_add('192.168.1.72', 'lan')
#4 /usr/local/bin/easyrule(34): easyrule_parse_block('lan', '192.168.1.72')
#5 {main}
thrown
When I attempt easyrule as the root user, the command executes successfully with no error messages.
My next step was to eliminate permission issues, so I added the rba user to the admins group, logged rba out and back in, and re-attempted. I still encounter the error message even after putting rba in the admins group. For my use case, I'd like to log into pfsense as a user other than root, even if I have to give admin permissions to the non-root user.
Running:
2.7.2-RELEASE (amd64) built on Fri Dec 8 15:55:00 EST 2023 FreeBSD 14.0-CURRENT
I tried installing the patch referenced here for a different easyrule error, but that had no effect.
I suppose if I get desperate enough I'll upgrade to 2.8.1 and try again. Anything else I should try before I hit up redmine?
-
Forgot to add one more possibly useful data point. The problem user "rba" can successfully execute a command like:
easyrule showblock lan
There are no errors with this or with a command like
easyrule unblock lan 192.168.1.72
...as long as there are no entries. Once there is an easyrule entry, say for example a block placed by the root user, then I can only show the block, and running unblock as rba produces the same Fatal Error.