Why does the login page even require a "username"?

Joined
Oct 22, 2019
Messages
3,641
I've always pondered the reasoning behind login screens that only accept root (or admin) as a username, yet still require you to type it in every time.

Wouldn't it be preferable and quicker to simply require only a password, as "root" is supplied as the default "username"?

It's not like you can access the web GUI via any other username.

Is there a historical reason behind this? Just tradition that never changed? Imagine unlocking your iPhone or Android phone, yet a PIN code or passphrase isn't enough: you have to prepend it with your email address or username every time. o_O
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
I've always pondered the reasoning behind login screens that only accept root (or admin) as a username, yet still require you to type it in every time.

Wouldn't it be preferable and quicker to simply require only a password, as "root" is supplied as the default "username"?

It's not like you can access the web GUI via any other username.

Is there a historical reason behind this? Just tradition that never changed? Imagine unlocking your iPhone or Android phone, yet a PIN code or passphrase isn't enough: you have to prepend it with your email address or username every time. o_O
Are you talking about the FreeNAS GUI and shell? Many users may never add more than the one root account, but FreeNAS does indeed support multiple users -- and this fact probably answers your question.
 
Joined
Oct 22, 2019
Messages
3,641
As far as I know, you cannot log in to the FreeNAS GUI with any other username except root. Even if the user has sudo privileges. It wouldn't make sense anyways. Why would any random user be given administrative access to the entire appliance?

They should really remove the username field from the login.

This mock image demonstrates how it not only looks sleeker, but makes more sense for an administrator (root) dashboard.

[Attached mock image: no-username-field-only-password-needed.png]
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
Any user with administrative privileges can log on to the GUI -- I use such an account on my FreeNAS systems, in addition to the standard root account.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Any user with administrative privileges can log on to the GUI
How is "with administrative privileges" defined for these purposes? Because a user with "Allow Sudo" checked isn't able to log in to my 11.3-U3.2 server.
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
How is "with administrative privileges" defined for these purposes? Because a user with "Allow Sudo" checked isn't able to log in to my 11.3-U3.2 server.
Hmmm... perhaps the user needs to be a member of group wheel? All of my user accounts with GUI access are wheel members.

Or this may indeed be a bug specific to the 11.3 train, which I only used for a few days before dropping back to 11.2-U8.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
That's true of the user I tried as well.

Joined
Oct 22, 2019
Messages
3,641
I can confirm the same: being in the group "wheel" doesn't matter. Only "root" can access the GUI.

@Spearfoot, to add to this conversation, in all seriousness, what difference does it make if you are able to input a different username to access the GUI/dashboard? Are certain menus greyed-out or inaccessible? Are there changes to the Email, Alert, or related options? Is the color theme any different? I'm just not sure what difference it makes.

If anything, FreeNAS/TrueNAS should at least remember the last username that successfully logged in. This way roughly 99% of the time there's no need to redundantly type in "root" in the username field, and then click on the password field, then type in the password, then hit enter. Instead, the login process would be more streamlined: Once the login page is presented, you only need to type in the password, hit enter, bam! You're inside.
 

subhuman

Contributor
Joined
Nov 21, 2019
Messages
121
If anything, FreeNAS/TrueNAS should at least remember the last username that successfully logged in.
I'm sorry, but am I reading this thread correctly in that you're requesting that FreeNAS be made less secure?
 
Joined
Oct 22, 2019
Messages
3,641
I'm sorry, but am I reading this thread correctly in that you're requesting that FreeNAS be made less secure?

On your iPhone, do you enter your Apple ID + PIN/passphrase/fingerprint/facial to unlock your phone? Or just the PIN/passphrase/fingerprint/facial?

On your Android, do you enter your Google Account + PIN/passphrase/fingerprint/facial to unlock your phone? Or just the PIN/passphrase/fingerprint/facial?

How does requiring the root password to access the GUI, as root, make FreeNAS/TrueNAS less secure? What username do you type into the username field of the login page? Anything other than "root"?

EDIT: If there is a strong reason to allow different "users" to access the entirety of the GUI and appliance, as the administrator of said appliance, then the login page can still be made into a more streamlined process for practically 99% of FreeNAS users who only ever type in "root" into the username field. If there is no reason to login with any account other than root (which seems to be the design, as the FreeNAS GUI is meant for the administrator of the system, not to be manipulated by random user accounts), then the login page can still be made into a more streamlined process by getting rid of the redundant step of entering "root" every single time into the username field, before actually typing in your root password to gain access anyways.

Look at the mock screenshot earlier in this thread. What about it looks "less secure"? It's prompting for the password before allowing access.

Would you support the idea to input three fields on the login page: hostname, username, and passphrase? Hostname only accepts the very hostname of the server. Username only accepts root. And passphrase is, of course, whatever the root passphrase is. You wouldn't question the redundancy of typing in the hostname in the login page, even though it's a given, each and every time?
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
I can confirm the same: being in the group "wheel" doesn't matter. Only "root" can access the GUI.

@Spearfoot, to add to this conversation, in all seriousness, what difference does it make if you are able to input a different username to access the GUI/dashboard? Are certain menus greyed-out or inaccessible? Are there changes to the Email, Alert, or related options? Is the color theme any different? I'm just not sure what difference it makes.

If anything, FreeNAS/TrueNAS should at least remember the last username that successfully logged in. This way roughly 99% of the time there's no need to redundantly type in "root" in the username field, and then click on the password field, then type in the password, then hit enter. Instead, the login process would be more streamlined: Once the login page is presented, you only need to type in the password, hit enter, bam! You're inside.
Many of us old hands learned to minimize use of the root account because of security and safety concerns. Oftentimes, for example, if you're really serious about security, you disable password logons for the root account. Ubuntu, for example, doesn't allow root logons; you have to use sudo -i to gain superuser privileges. I always set up an administrative account to use for day-to-day maintenance tasks. Doesn't mean I don't use root whenever I want to -- after all, these are my systems.

I'm surprised that the latest version of FreeNAS requires users to log on to the GUI with root. So I commend your filing a bug report, as I don't believe this is desirable.
 
Joined
Oct 22, 2019
Messages
3,641
Ubuntu, for example, doesn't allow root logons; you have to use sudo -i to gain superuser privileges.

I understand what you're saying, and as a Linux user myself, it makes sense on a desktop OS. However, FreeNAS / TrueNAS is an appliance, with a fairly specific role. Practically everything done in the GUI is done as the administrator of the appliance. This is unlike a desktop OS, such as Ubuntu or Manjaro, where most everything you do is as a less privileged user contained within your home directory. You only elevate your privileges temporarily to do certain administrative tasks, such as updates, modifying system files, etc.
 

subhuman

Contributor
Joined
Nov 21, 2019
Messages
121
How does requiring the root password to access the GUI, as root, make FreeNAS/TrueNAS less secure?
That's not what I thought you meant. Please clarify what you meant by "FreeNAS/TrueNAS should at least remember the last username that successfully logged in".

EDIT: If there is a strong reason to allow different "users" to access the entirety of the GUI and appliance,
No, but there is a strong reason to disable root login and only accept logging in under another account name if you like to slow down potential attackers.
You may have found a bug, in that FreeNAS 11.3 doesn't allow non-root logins. However, I feel that instead of asking that it be made a permanent feature, it should instead be fixed.
 

anmnz

Patron
Joined
Feb 17, 2018
Messages
286
No, but there is a strong reason to disable root login and only accept logging under another account name if you like to slow down potential attackers.
But why exactly? The GUI gives complete control over the system (there is no less-privileged view for less-privileged users). If you can log in to the GUI you have superuser-level access. What is the supposed security benefit in allowing that access to other logins? Is it just that an attacker would have to guess a name other than "root"? But that's just security-through-obscurity, you should focus instead on choosing a strong password.

I'd like to understand the view, really. I always feel in these discussions that people are just repeating the advice "don't allow root logins" from other systems and other access methods, without thinking it through in the context of the FreeNAS GUI. And that's probably unfair, I'd like to understand the argument better.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I'm surprised that the latest version of FreeNAS requires users to log on to the GUI with root.
I'm surprised to hear that it's ever been otherwise, to the point that I'm having trouble believing you. The question has come up here many times in the past, and the answer (including from folks at iX) has always been, "only root can log in". See:
In this last thread, neither Dru (whose account has apparently been deleted) nor the TC project lead indicate that there's any way to use different users other than using TrueCommand.

The manual concurs. 11.3, "the password for the root user is requested.":
11.2-U6 (the last 11.2 series manual available), "Enter the password for the root user":
11.1-U7, "The password for the root user is requested":

Your post is the first suggestion I've seen in nine years here that anyone other than root can, or has ever been able to, log in to the web GUI under any circumstances. This may call for some testing.

Edit: so I've done some testing. Did a fresh install of 11.2-U8 in a VM, logged into the new (default) GUI, and created a new user called "fred." Gave him sudo access (checked that box), added him to the wheel group, and gave him a password. Logged out as root and tried to log in as fred. "Your username or password is incorrect."
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
As for "why would you want to login as anyone but the administrator?"

We are a team of four @work and prefer to have individual accounts wherever possible. Simple as that. Not every FreeNAS installation sits at somebody's apartment in the closet.
 

subhuman

Contributor
Joined
Nov 21, 2019
Messages
121
But why exactly? The GUI gives complete control over the system (there is no less-privileged view for less-privileged users). If you can log in to the GUI you have superuser-level access. What is the supposed security benefit in allowing that access to other logins? Is it just that an attacker would have to guess a name other than "root"? But that's just security-through-obscurity, you should focus instead on choosing a strong password.
First, let me point out that choosing a strong password is in and of itself security through obscurity. If you don't like obscurity, use "123456" as your password and be done with it.
Ok, from danb35's post that immediately precedes this, apparently this is a moot point in FreeNAS. But...
Disallowing root logins means that an attacker trying to log in as root will never succeed. Trying to brute force user+password will take longer than just cracking password. In effect, you've extended the maximum password length by 16 chars (the max number of characters allowed in the username). The maximum number of combinations goes from ~245^x (where x is max PW length) to ~245^(x+16).
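A worked comparison of the search-space argument above, added here as an illustration and not part of the post: it keeps the post's alphabet of ~245 characters and shows that the 245^(x+16) figure only holds if the username is itself a secret, uniformly random 16-character string, whereas a username an attacker can guess from a wordlist adds only about log2(wordlist size) bits, less than two extra password characters buy. The 1000-entry wordlist size is a constructed figure.

```python
import math

# Alphabet size taken from the post above (~245 usable characters per position).
ALPHABET = 245

def password_bits(length, alphabet=ALPHABET):
    """Work, in bits, to exhaust every password of exactly `length` characters."""
    return length * math.log2(alphabet)

def login_bits(password_len, username_model, alphabet=ALPHABET):
    """Work, in bits, to exhaust username+password pairs.

    username_model is either an int, the number of usernames an attacker would
    actually try (1 when the name is fixed to "root", a few hundred or thousand
    for a wordlist of common admin names), or a (max_len, alphabet) tuple, which
    treats the username as a second uniformly random secret, as the post assumes.
    """
    if isinstance(username_model, tuple):
        ulen, ualpha = username_model
        user_bits = ulen * math.log2(ualpha)
    else:
        user_bits = math.log2(username_model)
    return password_bits(password_len, alphabet) + user_bits

def compare(password_len=12):
    """Extra bits of attacker work each change buys, relative to a fixed "root" login."""
    baseline = login_bits(password_len, 1)
    return {
        "baseline_bits": baseline,
        # attacker guesses the username from a 1000-entry wordlist (constructed figure)
        "wordlist_username_extra_bits": login_bits(password_len, 1000) - baseline,
        # the post's model: 16-character username that is secret and uniformly random
        "secret_random_username_extra_bits": login_bits(password_len, (16, ALPHABET)) - baseline,
        # alternative: keep the username fixed, make the password two characters longer
        "two_more_password_chars_extra_bits": login_bits(password_len + 2, 1) - baseline,
    }

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:40s} {bits:8.1f}")
```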
 
Joined
Oct 22, 2019
Messages
3,641
The question has come up here many times in the past, and the answer (including from folks at iX) has always been, "only root can log in".

This appears to be by design, which is why I bring up the redundancy of typing "root" into the username field to access the GUI. FreeNAS is an appliance, whereas something like Manjaro or Ubuntu is a desktop OS. How someone runs administrative tools under Ubuntu cannot be used as an example of a FreeNAS system.

But why exactly? The GUI gives complete control over the system (there is no less-privileged view for less-privileged users). If you can log in to the GUI you have superuser-level access.

This is exactly why I am also confused about the reasoning behind allowing a different username to access the GUI as the unrestricted administrator of the system. Whether you login as "root" or "sally" or "fred", you are essentially logged in as root, where you can do whatever you want, including destroying data, changing any and all settings, deleting users, revoking access to others, and so forth.


As for "why would you want to login as anyone but the administrator?"

We are a team of four @work and prefer to have individual accounts wherever possible. Simple as that. Not every FreeNAS installation sits at somebody's apartment in the closet.

But whoever is logged in, regardless of what username they entered into the username field, can then revoke access to the other three users. How is it any different than all four of you knowing the root password in order to access the GUI? Whoever logs in is now the administrator of the system: it makes no difference if they type in "root" or "fred" as the username. This is akin to a padlock on a storage unit where you give out four keys to four trusted individuals. Any one of those key-holders has full access to everything within the storage unit. What if one of them is not to be trusted? Change the lock? Well, you better change the lock before they gain access to the storage unit, where they might change the lock themselves to keep you out!

Four different trusted individuals with the root password all have the same access as four different individuals with four different usernames that also allow administrative access. If one of them is malicious, it's a matter of who can change the root password first, or who can revoke access to the other three users first.

I know it sounds repetitive, but it needs to be stated again: anyone who can access the GUI is absolutely the administrator and can do as much damage as they want, regardless of using "root" or "fred" as the username. (This implies you've somehow found a loophole to allow any other name besides root to be used in the first place.)

First, let me point out that choosing a strong password is in and of itself security through obscurity.

You're talking leagues and leagues of a difference. A truly strong password makes it irrelevant what the username is. No discussion of password strength and security puts emphasis on the username. Heck, even Google essentially lets you know if you've entered a real account name before you can even attempt to enter a password. The security is in the password, not the username.

Disallowing root logins means that an attacker trying to log in as root will never succeed. Trying to brute force user+password will take longer than just cracking password. In effect, you've extended the maximum password length by 16 chars (the max number of characters allowed in the username). The maximum number of combinations goes from ~245^x (where x is max PW length) to ~245^(x+16).

The same reasoning can be used to justify a third, fourth, fifth, etc, input field.

Not only would they need to guess the password, and not only would they need to guess the username, but they would also need to correctly guess the other fields as well. Once again, strong password practices make all of this irrelevant.

This brings me back to the redundancy of a username field in the login page of FreeNAS / TrueNAS: iXsystems explicitly designed the appliance to be administered by the root user, and only the root user.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
But whoever is logged in, regardless of what username they entered into the username field, can then revoke access to the other three users. How is it any different than all four of you knowing the root password in order to access the GUI?
Password management? Audit logs?

I assume all individuals involved play by the rules, of course.
 