Change GUI login User

Sivivatu

Dabbler
Joined
Jan 7, 2019
Messages
19
I'm pretty new to FreeNAS and I want to be able to login to the FreeNAS 11.2 UI using a user rather than the default root user. I have added a user to the wheel group (which I thought was the needed group) but no luck.

What settings do I need to change to allow for the different login user?
Thanks
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
What settings do I need to change to allow for the different login user?
AFAIK the only user allowed to login to the GUI is the root user. So no, you can't change that.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456

Sivivatu

Dabbler
Joined
Jan 7, 2019
Messages
19
Thanks for answering this. Is this an improvement that would be worth adding? or Is it just me?
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Thanks for answering this. Is this an improvement that would be worth adding? or Is it just me?
Just adding the ability to login with a different user does not add very much. But adding some kind of role based access control would be a great Enterprise feature. I think we are a long ways from that feature.
 

Kartoff

Cadet
Joined
Jan 6, 2017
Messages
5
Just thought about if there are some news about this... So bad i can't change default user :( So for now anyone knows what is the user, and this is one step less to guess... If i can change user you should guess not just password...
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
In the world of Unix, Linux etc. root is the default name for the administrator or superuser. So what, that everybody knows the account name? On most log in screens the user name is out in the open but the password is not readable. And it can be very handy if you are working on the command line and SEE that you are logged in as root. Then you know that you need to be extra carefull before you do something you will be sorry for.

And let's say it would it possible to change that default name? Today you log in on your Linux or Windows desktop as Kartoff and the next time you login on your FreeNAS box as Kartoff and you forgot or did not realize that you have administrator privilages with that account. An accident waiting to happen I think. If I access the FreeNAS GUI it is to perform administrator tasks. I can't think of any other reason to be there and I don't care that everybody knows it's the root account. Good luck with getting my password.
 

Eddy de Jeu

Cadet
Joined
Apr 8, 2020
Messages
2
@Evertb1 Sure I understand that Root is the Linux Administrator user equivalent of Windows :)
What I do not understand is that I am able to create Users, I can give this user SSH access and SUDO priv.

That user. Is as mighty as the Root user. Also that user can logon as root by using sudo su.

Also Best practice is to use seprate accounts aside of your user account.
So Kartoff is user. But A_Kartoff is admin.
On that moment A_Kartoff is able to logon.

Also in small offices. with multpile users. and maybe admin users. I would like to able to monitor them in these systems.
Why should you use root and not able to check steps.

+1 for alternate WEBGUI users. if sudo then also able to logon to the webgui..
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
Also in small offices. with multpile users. and maybe admin users. I would like to able to monitor them in these systems.
Why should you use root and not able to check steps.
I must admit that I have no clue what you mean. Could you explain your statement? For example what systems are you talking about? And what steps do you need to check and why do you need a FreeNAS webgui with multiple root acces for that?
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
Also in small offices. with multpile users. and maybe admin users. I would like to able to monitor them in these systems.
Why should you use root and not able to check steps.

Right, you want some accounting. Maybe even RBAC. Not unreasonable and, not currently implemented AFAIK.

2FA is coming in TrueNAS 12 though, that's a step in the right direction.
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
Right, you want some accounting. Maybe even RBAC. Not unreasonable and, not currently implemented AFAIK.

2FA is coming in TrueNAS 12 though, that's a step in the right direction.
As far as I know this is the FreeNAS part of the forum. TrueNAS targets another audience then FreeNAS. I can't think of many scenarios were RBAC for a "simple" FreeNAS server would be of any true value. And even 2FA is debatable in my opinion.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
As far as I know this is the FreeNAS part of the forum.
But by 12, there will be no "FreeNAS"; there will only be different flavors of TrueNAS.
a "simple" FreeNAS server
There are many legitimate use cases for FreeNAS that would hardly qualify as "simple."
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Isn't this what TrueCommand is supposed to be for?... monitoring and some light admin... you can setup a bunch of RBAC users who can monitor some or all of the servers added.

I agree already that TrueCommand doesn't provide all the options that you have in the GUI directly, but perhaps the gaps are valid and should only be done by root (or should have feature requests raised to close them).
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
but perhaps the gaps are valid and should only be done by root (or should have feature requests raised to close them).
...or perhaps there should be granular permissions in TrueCommand.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
...or perhaps there should be granular permissions in TrueCommand.
Also an option to make the RBAC roles more granular, just read or read/write for the whole assigned scope for now.

Writers can start/stop services, jails/VMs and a few other tasks.
 

Eddy de Jeu

Cadet
Joined
Apr 8, 2020
Messages
2
@Evertb1 Do you logon to an system directly as root? or do you use the username EvertB1? and if needed use sudo to update the system?

The part i do not understand is why in FreeNas we use the username ROOT, thats a security flaw in my opinion. As systems attacking FreeNas server already have an username bruteforce attack for a password only.

If we need SSH access, you can logon with your own account. Root even have no SSH access to the system. but you can use sudo as user to administrate FreeNas trough SSH. Why not implementing that also to the WebGUI? Or for security purposes let me change the login name or asign with the installation a Root user?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
administrate FreeNas trough SSH
As you are warned every time you login at the console, changes made in the CLI may not stick, so this isn't really administration, rather hacking.

The FreeNAS appliance is designed to be administered through the GUI by the "owner" of the system (=root).

TrueCommand allows for some GUI access without "using" root (just not to the FreeNAS GUI itself).

Hate it all you want, I don't see it changing as this type of thread has been coming up for years and nothing ever came of it.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Why not implementing that also to the WebGUI?
Because the devs decided a long time ago not to allow it, and haven't changed their minds since. If that isn't reason enough, sorry, but it's really the only reason there is. If you want this to change, file a bug and make your case.
 
Top