Separate root / admin / user dashboard
Please follow this procedure :
Create a new group called “managers”
edit the “admin@yourserver.xx” user and remove the group “domain admin” from this user
Now instead of above, add the group “managers” to this user.
Administrator on you windows server can’t be removed from the group ‘domain admin’ so the Administrator will have full rights on the NethServer ( Like root ).
So what we do here is create an ‘admin’ as user for the NethServer with limited dashboard options.
This allows you to rent the NethServer to your customer and let them have limited management.
Make sure the password of your “root” user is different than that from the admin / administrator
admin / administrator can be same password if you wish ( mostly assigned to the same person )
Change the following file:
//usr/share/nethesis/NethServer/Authorization/base.json
See Row 16 : “Subject”: [“root”, “admin”, “.groups HAS adm”],
Change to : "Subject": ["root", ".groups HAS adm"],
Edit the following file:
//usr/share/nethesis/NethServer/Template/Dashboard/SystemStatus.php
change this part ( first and last line are new )
if($view[‘username’] === ‘root’) {
$view->includeJavascript("
(function ( $ ) {
function loadPage() {
$.Nethgui.Server.ajaxMessage({
isMutation: false,
url: $module1Url
});
}
$(document).ready(function() {
loadPage();
});
})( jQuery);
");
}
Edit : /usr/share/nethesis/NethServer/Module/Dashboard/SystemStatus.php
and replace the last 3 functions with the followin 4:
public function prepareView(\Nethgui\View\ViewInterface $view)
{
parent::prepareView($view);
$this->notifications->defineTemplate('adminTodo', \NethServer\Module\AdminTodo::TEMPLATE, 'bg-yellow');
$view['username'] = $this->userName;
}
public function setUserNotifications(\Nethgui\Model\UserNotifications $n)
{
$this->notifications = $n;
return $this;
}
public function setUser(\Nethgui\Authorization\UserInterface $u)
{
$this->user = $u;
$this->userName = $u->getCredential('username');
return $this;
}
public function getDependencySetters()
{
return array('UserNotifications' => array($this, 'setUserNotifications'),
'User' => array($this, 'setUser') );
}
Now system messages are visible for the root user only ( the yellow messages bar in top of the GUI )
Next…
Take the following steps to create a new fresh empty dashboard that wil show up for all users / managers:
mv //usr/share/nethesis/NethServer/Module/UserDashboard/UserProfileRedirect.php //usr/share/nethesis/NethServer/Module/UserDashboard/UserProfileRedirect.old
Create a new file “UserDashboard.php” containing the following:
touch //usr/share/nethesis/NethServer/Module/UserDashboard/UserDashboard.php
Put this inside :
<?php
namespace NethServer\Module\UserDashboard;
class UserDashboard extends \Nethgui\Controller\AbstractController
{
public function prepareView(\Nethgui\View\ViewInterface $view)
{
$view->getCommandList()->sendQuery($view->getModuleUrl('/UserDashboard'));
}
} //end class
Create a new file:
touch //usr/share/nethesis/NethServer/Module/UserDashboard.php
<?php
namespace NethServer\Module;
class UserDashboard extends \Nethgui\Controller\CompositeController
{
public function initialize()
{
parent::initialize();
// Choose only one, multiple won't dispay.
$this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Resources());
// $this->addChild(new \NethServer\Module\UserDashboard\NewDashboard());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Accounts());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Backup());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Mail());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Network());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\Providers());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\RaidStatus());
// $this->addChild(new \NethServer\Module\Dashboard\SystemStatus\SystemRelease());
}
}
Add this to base.json ( //usr/share/nethesis/NethServer/Authorization/base.json )
{
"Id": 9999999998,
"Effect": "ALLOW",
"Subject": ".authenticated",
"Action": "*",
"Resource": "NethServer\\Module\\UserDashboard:*",
"Description":
"Authenticated users have full control on UserDashboard module"
}
Remove CPU Model From Hardware
(On QEMU it says “Standard PC i440fx”, it looks too cheap! and is not true).
//usr/share/nethesis/NethServer/Template/Dashboard/SystemStatus/Resources.php
Mark out row 31
// echo "<dt>".$T('product_name_label')."</dt><dd>"; echo $view->textLabel('product_name'); echo "</dd>";
Make sure you have installed what you need like OpenVPN, Samba Auditing
Now assign several items to the manager (admin user), so your customers system operator has access to the needed options.
You can use these on the command line …
sed -i – ‘s/‘Gateway’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/VPN.php
sed -i – ‘s/‘Gateway’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/VPN/OpenVPN.php
sed -i – ‘s/‘Configuration’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/Pki.php
sed -i – ‘s/‘Configuration’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/Organisation.php
sed -i – ‘s/‘Configuration’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/DateTime.php
sed -i – ‘s/‘Configuration’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/BackupData.php
sed -i – ‘s/‘Management’/‘Configuration’/g’ /usr/share/nethesis/NethServer/Module/MailAccount.php
sed -i – ‘s/‘Management’/‘Configuration’/g’ /usr/share/nethesis/NethServer/Module/VirtualHosts.php
sed -i – ‘s/‘Report’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/SambaAudit.php
sed -i – ‘s/‘Status’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/OpenVPNStatus.php
sed -i – ‘s/‘OpenVPNManagement’/‘OpenVPNStatus’/g’ /usr/share/nethesis/NethServer/Module/OpenVPNStatus.php
sed -i – ‘s/‘Report’/‘Management’/g’ /usr/share/nethesis/NethServer/Module/CGP.php
Ignore errors, it could be a file does not exist when you have not installed the module yet.
Optionally install your modules and again apply above lines then.
Now make a copy of /USR/SHARE/NETHESIS to a safe place, you must copy it back again after
every update since this setup is experimental at this stage !
Developers, please try and let me know how you think of this, it can be a good start and from this point
i think it is not difficult to create a menu on the root account to define the functions assigned to admins / users.
I’ll work on this later…
When you login to the web interface as ‘root’ you’ll see all menu items.
Below the panel that you see when you login as admin.
Login as user and you will see:
This way the NethServer can be managed by a system operator from a datacenter (VPS works fine)
You can RENT it to a customer ( for example a small company ) and give their manager admin access.
The manager can create users, folders, groups and assign VPN access. a perfect setup !