The Admin user cannot login

cockpit

(Stéphane de Labrusse) #1

cc @giacomo @edoardo_spadoni I found something strange, probably a feature, or more seriously a bug

The admin user in cockpit cannot login, and when I try to set another group to the admin user I have this log warn

Jan  2 18:01:59 ns7loc14 esmith::event[8940]: Event: group-modify admins admin plop admin
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: LDAP_TYPE_OR_VALUE_EXISTS memberUid: value #0 provided more than once at /etc/e-smith/events/group-modif
y/S15nethserver-directory-group-modify line 44.
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: [ERROR] failed to set members of group `admins`
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: Action: /etc/e-smith/events/group-modify/S15nethserver-directory-group-modify FAILED: 1 [0.255935]
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: [NOTICE] clearing sssd cache for group admins@nethservertest.org
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.205613]
Jan  2 18:01:59 ns7loc14 esmith::event[8940]: Event: group-modify FAILED
Jan  2 18:02:00 ns7loc14 esmith::event[8952]: Event: user-modify admin admin /usr/libexec/openssh/sftp-server
Jan  2 18:02:00 ns7loc14 esmith::event[8952]: Action: /etc/e-smith/events/user-modify/S25nethserver-directory-user-modify SUCCESS [0.473389]
Jan  2 18:02:00 ns7loc14 esmith::event[8952]: [NOTICE] clearing sssd cache for user admin@nethservertest.org
Jan  2 18:02:00 ns7loc14 esmith::event[8952]: Action: /etc/e-smith/events/user-modify/S90nethserver-sssd-clear-cache SUCCESS [0.164662]
Jan  2 18:02:00 ns7loc14 esmith::event[8952]: Event: user-modify SUCCESS
Jan  2 18:02:00 ns7loc14 esmith::event[8961]: Event: password-policy-update admin no
Jan  2 18:02:00 ns7loc14 esmith::event[8961]: [NOTICE] clearing sssd cache for user admin@nethservertest.org
Jan  2 18:02:00 ns7loc14 esmith::event[8961]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.173562]
Jan  2 18:02:01 ns7loc14 esmith::event[8961]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-directory-password-policy SUCCESS [0.320199]
Jan  2 18:02:01 ns7loc14 esmith::event[8961]: Event: password-policy-update SUCCESS

(Edoardo Spadoni) #2

Hi @stephdl,
if you unlock the admin user and enable the Remote shell (SSH) option, the admin user can login.


(Giacomo Sanchietti) #3

Please note that only users with a shell from /etc/shells can login into Cockpit.


(Stéphane de Labrusse) #4

Ok this needs to be documented, or we could create a shell access to this user during the creation for backward compatibility, in nethgui, the admin can login once the password is set.


(Giacomo Sanchietti) #5

It is, somewhere inside Cockpit doc, I just found the blog post: https://cockpit-project.org/blog/cockpit-127.html

The shell access must always explicitly set, we can’t grant it blindly.
But we could also add sftp-server shell to /etc/shells.