Feature #3026

Differentiate root and admin users

Added by Davide Principi almost 5 years ago. Updated almost 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: <multiple packages>
Target version: v6.6-rc1
Resolution:
NEEDINFO: No

Description

The root and admin users now have the same password and any future password change is reflected on both accounts. This is controlled by the AdminIsNotRoot key in ConfigDB. Moreover, if the admin user is not present (because nethserver-directory is not installed) it is still possible to log in to the server-manager using the admin username.

Starting from 6.6 the two accounts will be completely autonomous:
  • both have complete control with server-manager
  • only root exists on base system
  • when nethserver-directory is installed the admin account is created and the root's password hash is copied
  • when nethserver-samba is installed the admin password must be set to generate the NTLM hash

Related issues

Related to NethServer 6 - Feature #2492: Move admin user in LDAP DB CLOSED 12/17/2013 12/19/2013
Related to NethServer 6 - Bug #3089: Server Manager: admin login still possible CLOSED

Associated revisions

Revision 633606cc
Added by Davide Principi almost 5 years ago

UserNotifications (defineTemplate): added optional $cssClass argument. Refs #3026

- Notification: flattened CSS styles

Revision ff9bab37
Added by Davide Principi almost 5 years ago

Bump Nethgui 633606cc016eb02743a6e0412169fd6f4aaa18fe. Refs #3026

Revision 4810bd96
Added by Davide Principi almost 5 years ago

ConfigDB: removed AdminIsNotRoot key. Refs #3026

Revision cbd50195
Added by Davide Principi almost 5 years ago

New admin-todos UI helper. Refs #3026

Executes scripts under /etc/nethserver/todos.d. Each script must
print a JSON object to standard output. The object format is: ::

    {
      "text": <string>,
      "action": { "label": <string>, "url": <string> },
      "icon": <string>
    }

  • `action` is optional
  • `url` will be passed to $view->getModuleUrl()
  • `icon` should be the Font Awesome icon name (e.g. info-circle)
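
Added example, not part of the commit or of NethServer's code: a validator for the object format described above, for checking what a todos.d script prints before it is deployed. The sample outputs, script names and module path are constructed; the icon-name pattern and the rejection of scheme-qualified URLs are assumptions, not rules stated in the commit.

```python
import json
import re

# Assumption (not stated in the commit): icon names use lowercase letters,
# digits and hyphens, like the "info-circle" example.
ICON_RE = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*")
# Assumption: 'url' goes to getModuleUrl(), so treat it as a module path and
# reject scheme-qualified or protocol-relative URLs.
EXTERNAL_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*:|//)")


def parse_todo(raw):
    """Validate one todo script's stdout; return (todo_or_None, errors)."""
    try:
        obj = json.loads(raw)
    except ValueError as exc:
        return None, ["not valid JSON: %s" % exc]
    if not isinstance(obj, dict):
        return None, ["top-level value must be a JSON object"]
    errors = []
    if not isinstance(obj.get("text"), str) or not obj["text"].strip():
        errors.append("'text' must be a non-empty string")
    icon = obj.get("icon")
    if not isinstance(icon, str) or not ICON_RE.fullmatch(icon):
        errors.append("'icon' must be a Font Awesome icon name")
    action = obj.get("action")  # only 'action' is stated to be optional
    if action is not None and not isinstance(action, dict):
        errors.append("'action' must be an object")
    elif action is not None:
        for key in ("label", "url"):
            if not isinstance(action.get(key), str) or not action[key]:
                errors.append("'action.%s' must be a non-empty string" % key)
        if isinstance(action.get("url"), str) and EXTERNAL_RE.match(action["url"]):
            errors.append("'action.url' must be a module path, not an external URL")
    return (None if errors else obj), errors


# Constructed sample outputs; script names and the module path are hypothetical.
SAMPLES = {
    "10with_action": '{"text": "Set the admin password", "icon": "key", '
                     '"action": {"label": "Change password", "url": "/ExampleModule"}}',
    "20no_action": '{"text": "Informational note", "icon": "info-circle"}',
    "30external_url": '{"text": "x", "icon": "info-circle", '
                      '"action": {"label": "Go", "url": "https://example.invalid/"}}',
    "40not_json": "admin password missing",
}

if __name__ == "__main__":
    for name in sorted(SAMPLES):
        print(name, parse_todo(SAMPLES[name])[1] or "OK")
```
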

Revision 71ba8652
Added by Davide Principi almost 5 years ago

AdminTodo UI module: show TODOs in Dashboard and Software center. Refs #3026

Revision f02e2988
Added by Davide Principi almost 5 years ago

20samba_admin todo script: check Samba admin's password. Refs #3026

Revision e42cd499
Added by Davide Principi almost 5 years ago

nethserver-samba it, en catalogs. Refs #3026

Revision 765d4f35
Added by Davide Principi almost 5 years ago

Root and admin account passwords are no longer synchronized. Refs #3026

The AdminIsNotRoot key has been removed.

Revision c619a4bd
Added by Davide Principi almost 5 years ago

Software center: hide AdminTodo tab. Refs #3026

Revision 11f3a253
Added by Davide Principi almost 5 years ago

Configuration DB migrate: fixed DB ->open_ro(). Refs #3026

Revision 0f2a35bf
Added by Davide Principi almost 5 years ago

TODOs API documentation. Refs #3026

Revision e1ca57ba
Added by Davide Principi almost 5 years ago

Added TODO API JSON schema. Refs #3026

Revision 12696ba6
Added by Davide Principi almost 5 years ago

Don't set admin's default password hash. Refs #3026

The initial admin's password is no longer copied from root's one.

Revision 93571a53
Added by Davide Principi almost 5 years ago

Suggest logging in as root if admin user is not available. Refs #3026

Revision 690c4a75
Added by Davide Principi almost 5 years ago

Release notes: Differentiate root and admin users. Refs #3026

Revision 8b0c09a9
Added by Davide Principi almost 5 years ago

Merge pull request #55 from DavidePrincipi/todos-api

TODOs API documentation. Refs #3026 (verified)

Revision b651e075
Added by Davide Principi almost 5 years ago

Merge pull request #57 from DavidePrincipi/root-admin

Release notes: Differentiate root and admin users. Refs #3026

Revision e15f04d9
Added by Davide Principi almost 5 years ago

Fixed Admin user section. Refs #3026

Revision ff444151
Added by Davide Principi over 4 years ago

Root and admin account passwords are no longer synchronized. Refs #3026

The AdminIsNotRoot key has been removed.

History

#1 Updated by Davide Principi almost 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#2 Updated by Davide Principi almost 5 years ago

#3 Updated by Davide Principi almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Test case

Update
  • nethserver-base
  • nethserver-lib
  • nethserver-httpd-admin
Checks
  • AdminIsNotRoot key in ConfigDB must be removed during package update
  • admin can't access the server-manager if nethserver-directory is not installed
  • after installing nethserver-directory admin has the same password as root
  • changing root's password must not change admin's one any more
  • after installing nethserver-samba a notification is displayed in Software center, requiring admin password change. Dashboard also must show the notification until the password is actually changed.

#4 Updated by Davide Principi almost 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing 6.6:
nethserver-httpd-admin-1.3.6-2.23.gff9bab3.ns6.noarch.rpm
nethserver-httpd-admin-1.3.6-2.24gitbb1995b.ns6.noarch.rpm
nethserver-samba-1.4.11-1.2.ge42cd49.ns6.noarch.rpm
nethserver-lib-2.1.3-1.3.gd801be9.ns6.noarch.rpm

nethserver-base-2.5.4-1.55.g033ca61.ns6.noarch.rpm
nethserver-base-2.5.5-2.56.g40d4a54.ns6.noarch.rpm
nethserver-base-2.5.5-50.57.g11f3a25.ns6.noarch.rpm

#5 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee deleted (Davide Principi)

#6 Updated by Giacomo Sanchietti almost 5 years ago

  • Category changed from nethserver-directory to <multiple packages>

#7 Updated by Davide Principi almost 5 years ago

Packager note

Update developer's manual
https://github.com/nethesis/nethserver-docs/pull/55

#8 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee set to Giacomo Sanchietti

#9 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90
Checks
  • AdminIsNotRoot key in ConfigDB must be removed during package update VERIFIED
  • admin can't access the server-manager if nethserver-directory is not installed VERIFIED
  • after installing nethserver-directory admin has the same password as root VERIFIED
  • changing root's password must not change admin's one any more VERIFIED
  • after installing nethserver-samba a notification is displayed in Software center, requiring admin password change. Dashboard also must show the notification until the password is actually changed. VERIFIED

Also successfully tested new API for todo's

#10 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from VERIFIED to ON_QA
  • % Done changed from 90 to 70

#11 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20
We should implement the following steps to ease the migration for users:
  • if the user tries to access with admin and the user doesn't exist, the login form must suggest something like "Please use the root user"
  • after nethserver-directory install, do not sync admin password with root to avoid confusion

#12 Updated by Davide Principi almost 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#13 Updated by Davide Principi almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Additional test case

  • Try to log in as "admin": if nethserver-directory is not installed a login error message asks to log in as "root"
  • After nethserver-directory installation the admin user is not enabled

#14 Updated by Davide Principi almost 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-directory-2.0.6-1.3.g12696ba.ns6.noarch.rpm
nethserver-base-2.5.5-50.58.g93571a5.ns6.noarch.rpm

Packager note

Add release notes to documentation
https://github.com/nethesis/nethserver-docs/pull/57

#15 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee set to Giacomo Sanchietti

#16 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Test case
If nethserver-directory is not installed, the UI displays:

User "admin" is not available. Login as "root".

After installing nethserver-directory and changing the password of the admin user, the user can correctly log in.

#17 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-base 6.6:
  • nethserver-base-2.6.0-1.ns6.noarch.rpm
  • nethserver-directory-2.1.0-1.ns6.noarch.rpm
  • nethserver-samba-1.5.0-1.ns6.noarch.rpm

#18 Updated by Davide Principi over 4 years ago

  • Related to Bug #3089: Server Manager: admin login still possible added
