Feature #3026
Differentiate root and admin users
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | <multiple packages> | |||
| Target version: | v6.6-rc1 | |||
| Resolution: | NEEDINFO: | No |
Description
The root and admin users have now the same password and any future password change is reflected on both accounts. This is controlled by AdminIsNotRoot key in ConfigDB. Moreover, if the admin user is not present (because nethserver-directory is not installed) it is still possible to login on the server-manager using admin username.
- both have complete control with server-manager
- only root exists on base system
- when nethserver-directory is installed the
adminaccount is created and the root's password hash is copied - when nethserver-samba is installed the
adminpassword must be set to generate the NTLM hash
Related issues
Associated revisions
UserNotifications (defineTemplate): added optional $cssClass argument. Refs #3026
- Notification: flattened CSS styles
Bump Nethgui 633606cc016eb02743a6e0412169fd6f4aaa18fe. Refs #3026
ConfigDB: removed AdminIsNotRoot key. Refs #3026
New admin-todos UI helper. Refs #3026
Executes scripts under /etc/nethserver/todos.d. Each script must
print a JSON object to standard output. The object format is: ::
{
"text": <string>,
"action": { "label": <string>, "url": <string> },
"icon": <string>
}- `action` is optional
- `url` will be passed to $view->getModuleUrl()
- `icon` should be the Font Awesome icon name (e.g. info-circle )
AdminTodo UI module: show TODOs in Dashboard and Software center. Refs #3026
20samba_admin todo script: check Samba admin's password. Refs #3026
nethserver-samba it, en catalogs. Refs #3026
Root and admin account passwords are no longer synchronized. Refs #3026
The AdminIsNotRoot key has been removed.
Software center: hide AdminTodo tab. Refs #3026
Configuration DB migrate: fixed DB ->open_ro(). Refs #3026
TODOs API documentation. Refs #3026
Added TODO API JSON schema. Refs #3026
Don't set admin's default password hash Refs #3026
The initial admin's password is no longer copied from root's one.
Suggest logging in as root if admin user is not available. Refs #3026
Release notes: Differentiate root and admin users. Refs #3026
Merge pull request #55 from DavidePrincipi/todos-api
TODOs API documentation. Refs #3026 (verified)
Merge pull request #57 from DavidePrincipi/root-admin
Release notes: Differentiate root and admin users. Refs #3026
Fixed Admin user section. Refs #3026
Root and admin account passwords are no longer synchronized. Refs #3026
The AdminIsNotRoot key has been removed.
History
#1
Updated by Davide Principi over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#2
Updated by Davide Principi over 6 years ago
- Related to Feature #2492: Move admin user in LDAP DB added
#3
Updated by Davide Principi over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Test case
Update- nethserver-base
- nethserer-lib
- nethserver-httpd-admin
AdminIsNotRootkey inConfigDBmust be removed during package update- admin can't access the server-manager if nethserver-directory is not installed
- after installing nethserver-directory admin has the same password of root
- changing root's password must not change admin's one any more
- after installing nethserver-samba a notification is displayed in Software center, requiring admin password change. Dashboard also must show the notification until the password is actually changed.
#4
Updated by Davide Principi over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing 6.6:nethserver-httpd-admin-1.3.6-2.23.gff9bab3.ns6.noarch.rpm
nethserver-httpd-admin-1.3.6-2.24gitbb1995b.ns6.noarch.rpm
nethserver-samba-1.4.11-1.2.ge42cd49.ns6.noarch.rpm
nethserver-lib-2.1.3-1.3.gd801be9.ns6.noarch.rpm
nethserver-base-2.5.4-1.55.g033ca61.ns6.noarch.rpmnethserver-base-2.5.5-2.56.g40d4a54.ns6.noarch.rpm
nethserver-base-2.5.5-50.57.g11f3a25.ns6.noarch.rpm
#5
Updated by Giacomo Sanchietti over 6 years ago
- Assignee deleted (
Davide Principi)
#6
Updated by Giacomo Sanchietti over 6 years ago
- Category changed from nethserver-directory to <multiple packages>
#7
Updated by Davide Principi over 6 years ago
Packager note
Update developer's manual
https://github.com/nethesis/nethserver-docs/pull/55
#8
Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#9
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
AdminIsNotRootkey inConfigDBmust be removed during package update VERIFIED- admin can't access the server-manager if nethserver-directory is not installed VERIFIED
- after installing nethserver-directory admin has the same password of root VERIFIED
- changing root's password must not change admin's one any more VERIFIED
- after installing nethserver-samba a notification is displayed in Software center, requiring admin password change. Dashboard also must show the notification until the password is actually changed. VERIFIED
Also successfully tested new API for todo's
#10
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to ON_QA
- % Done changed from 90 to 70
#11
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
- if the user try to access with
adminand the user doesn't exist, the login form must suggest something like "Please use the root user" - after nethserver-directory install, do not sync admin password with root to avoid confusion
#12
Updated by Davide Principi over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#13
Updated by Davide Principi over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Additional test case
- Try to log in as "admin": if nethserver-directory is not installed a login error message asks to log in as "root"
- After nethserver-directory installation the admin user is not enabled
#14
Updated by Davide Principi over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-directory-2.0.6-1.3.g12696ba.ns6.noarch.rpm
nethserver-base-2.5.5-50.58.g93571a5.ns6.noarch.rpm
Packager note
Add release notes to documentation
https://github.com/nethesis/nethserver-docs/pull/57
#15
Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#16
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Test case
If nethserver-directory is not installed, the UI displays:
User "admin" is not available. Login as "root".
After installing nethserver-directory and changing the password of admin user, the user can correctly login.
#17
Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-base-2.6.0-1.ns6.noarch.rpm
- nethserver-directory-2.1.0-1.ns6.noarch.rpm
- nethserver-samba-1.5.0-1.ns6.noarch.rpm
#18
Updated by Davide Principi over 6 years ago
- Related to Bug #3089: Server Manager: admin login still possible added