Posix Users and SSH

Thank you for your detailed information. I understand that the current Nethserver concept is to use an account provider and therefore not to provide an enlarged usage scenario for posix users/groups. I understand this decision, but I regret it in the details.

Since my first Nethserver installation I have been wondering why the server-manager does not even have an option to manage the basic accounts created during installation. For a non-terminal-competent user these accounts are unusable and therefore forgotten and in fact lost - and this can be a serious security risk. In server-manager there is no option to remove/disable such accounts or give them new passwords.

By the way, there is also no option to change the “root” password in server-manager. In some cases the “Nethesis,1234” password could be deferred and less experienced users have no option to change it.

What if Nethserver is used for services without an account provider? There are so many options / scenarios for using Nethserver without its own or a binding to an external account provider, and most of them can be completely installed and managed within server-manager. But within server-manager there is no (non-terminal) option to change the “maintenance” account (root) password or to create a second maintenance account (other posix admins with rights for server-manager). Or I am blind.

In my opinion, there should maybe be at least an option to change the root password from server-manager - as is usual in any other webconfigs for routers/firewalls or others. Maybe in another place than the user/groups panel. (In that place, there could be a posix account managing option without confusing the Nethserver-like account managing.)

For compatibility with CentOS the posix-user existence has to be considered anyway.

Regards
yummiweb

@yummiweb

Hi

Even if you have no need for an Account Provider, and maybe not even a need for a user besides root:

What’s stopping you from installing a simple LDAP “Account Provider”?

It’s there, and configured, but doesn’t block or stop you.
In German we also say “Frisst mir kein Heu weg!”

BTW: The NethServer root does NOT use “Nethesis,1234” as a password, only the default Nextcloud admin uses that!

It’s a bit like being on a current Windows 10 64 Bit machine and thinking: I’m on a 64 Bit OS and Box, I have no need for C:\Windows\System32, there’s a folder C:\Windows\System64 replacing that. So after removing the System32 folder, you “might” have major problems rebooting.


:slight_smile:

You could also try removing /etc/group and /etc/passwd and /etc/shadow on any Linux / Unix box, thinking I don’t need local users. You WILL have problems.

Same thing in NethServer, it’s there for a reason


My 2 cents
Andy

You can change the root password both from the new and old Server Manager: http://docs.nethserver.org/en/v7/access.html#change-the-current-password
On the old one, you are even asked to do it during the first configuration wizard.
In the new one, you have a yellow warning which asks you to change the password.

For the new Server Manager you can change the password using System → Settings

We have thousands of such installations, usually firewalls.
If you do not need users, just use root for anything.
If you need users, you can simply install the LDAP account provider and manage everything from the UI.

3 Likes

:smiley: I can’t wait to see your PR!

1 Like

That’s not correct.
Quote: “The default password in unattended mode is Nethesis,1234.”
I could quote some Nethserver Docs here, this is one of them:
https://nethserver.docs.nethesis.it/en/v7/installation.html#installation-unattended

We say: “Kleinvieh macht auch Mist.”
Don’t install services that you don’t really need, because it increases the surface for bugs, attacks and so on. Instead use the ones you have. And I have the posix user system.

I think you totally misunderstood me.
In CentOS (and as far as I know in all other Linux/Unix systems) there is a posix user system everywhere. That’s an essential basement for so many things, services and programs. It won’t go away that fast and it shouldn’t. You can use it for simple work and I do that.

I don’t expect Nethserver to fully support that. But it would be nice if it is not accidentally hindered.
So far I have been able to use it without any problems. But the last change has shown that there may be conflict potential now and in future. I wanted to point this out.

Regards yummiweb

You are absolutely right. I am sorry for that, I totally missed that. (I was obviously completely blind)

Is it actually a good idea to “use root for anything”? In my world it is exactly the opposite.
If I need “users” (admins) for maintenance, I don’t need to install anything, because we already have a posix user system here. And of course I could manage this from the terminal as before if the UI has no possibility to do that. Until now this was no problem. However, the last system change has shown that there may be conflict potential here*. I wanted to point this out and took this as an opportunity to address this.

  • In my case the update has locked out my posix admin from the shell (a bad situation if you are far away). In other cases there was no problem after the update.

If my arguments have not been understood up to this point, it probably makes no sense to go on.
I don’t want to appear here as a troublemaker. :frowning:

Regards
yummiweb

@yummiweb

Hi

I have never done an unattended install of NethServer, Thx, good to know.

And you’re also right: I didn’t really understand what you wanted


If I don’t want/need the features of NethServer, I install a vanilla CentOS or Debian

Usually, I won’t even use a VM for the duty intended, I’ll use an LXC (Linux Container).
Then I get just what I need, NO bloat!

Having used Linux for 30 years now, I DO know what a Posix User is, I call it a Linux or UN*X user mostly.

My 2 cents
Andy

But Nethserver has many features, and some of them (e.g., firewall, web server, database server) don’t depend on having a bunch of users (or any, really, beyond the default system users). But it’s pretty common security advice to disable root logins, so you’d need another user to allow you to log in. Is it worth installing an LDAP stack to support a single additional user?

1 Like

Me too, but I know this from the documentation (yes, sometimes I read it).

I didn’t know that and haven’t seen it yet; without an unattended install this question maybe didn’t appear?

@danb35
Hooray, I was understood!
:slight_smile:
(maybe this time g***le translate helped)

Regards
yummiweb

A new prop implementation has come, I hope it can help @yummiweb


The RPM is now available from the testing repository! Do you want to try it? /cc @syntaxerrormmm @fuso

yum --enablerepo=nethserver-testing update nethserver-openssh

4 Likes

The RPM has been released!

4 Likes

This topic was automatically closed after 6 days. New replies are no longer allowed.