More web interface users then root

vermaden

Dabbler
Joined
Mar 9, 2019
Messages
16
Just a quick question, FreeNAS is administrated by 'root' user.

Can I add more users to manage the FreeNAS appliance with the same (or limited) rights as the 'root' user?

For example 'admin' user with the same rights as 'root' and 'operator' user with less?

I mean to create users that will be able to login into web interface and do the same things as 'root' just with other names like 'admin1' or 'admin2' for accountability.

TIA.
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
Just a quick question, FreeNAS is administrated by 'root' user.

Can I add more users to manage the FreeNAS appliance with the same (or limited) rights as the 'root' user?

For example 'admin' user with the same rights as 'root' and 'operator' user with less?

I mean to create users that will be able to login into web interface and do the same things as 'root' just with other names like 'admin1' or 'admin2' for accountability.

TIA.
No you can't. The root user is the only user with access to the web GUI and you can't change that.
 

Evertb1

Guru
Joined
May 31, 2016
Messages
700
Thank You for fast and accurate answer.
You are welcome. Who knows what happens in the future? Perhaps some day somesort role-based system will be implemented.

On the other hand it's very common that for certain tasks on a server, root level access is mandatory. I have been involved with the development of corporate software development for a long time and every now and then I need root access to specific (production) servers.

Most businesses I have worked for have a so called vault for the root accounts of the servers (Unix, Linux, Windows etc.). If you need to have access to a specific server with root credentials you can retrieve them from the vault if you are authorized to do that. Those credentials are unique and only valid for a limited time or for a single use. Retrievals of credentials are logged of course.

A system like that would be a bit overdone for FreeNAS though :).
 

vermaden

Dabbler
Joined
Mar 9, 2019
Messages
16
For my company the reason is only accountability, that with 4 admins for the same type of job I can tell which one did what, all of them would have same 'root' rights.

Of course it would be also great to have 'operator' or 'read only' roles but any additional users other the root would be welcome.
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
Yeah FreeNAS is not Enterprise class software. It's free pro-sumer class at best.
 

vermaden

Dabbler
Joined
Mar 9, 2019
Messages
16
Yeah FreeNAS is not Enterprise class software. It's free pro-sumer class at best.
You underestimate your solution.

... and having more then one user administrate the 'thing' is not an Enterprise feature you know :)
 

CPP-IT

Dabbler
Joined
Aug 14, 2017
Messages
43
having more then one user administrate the 'thing' is not an Enterprise feature you know :)
When I jumped into FreeNAS this was an option, and I liked it! The ability to have other users have access to the UI, but maybe not be 'admin' is a boon for usability. It also allows for greater accountability like @vermaden mentioned. A 'manager' might need to access users and or roll back a home folder snapshot, and offering them that ability w/o giving them 'God mode' sounds long term beneficial, since then you also have an 'escape hatch' of the *real* admin user to pull things out of the fire, should something go wrong.
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
You underestimate your solution.

... and having more then one user administrate the 'thing' is not an Enterprise feature you know :)
It is where you need to delegate administrative functions while maintaining security.
I could let this slide is it was ONLY a NAS or ONLY a SAN or ONLY a... Wait hypervisor and vm management is another perfect place for role delegation is needed.
 

kdragon75

Wizard
Joined
Aug 7, 2016
Messages
2,457
I don't underestimate FreeBSD or FreeNAS. FreeNAS is not as flexible as FreeBSD in anyway. Just more point and click.
 
Top