Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Admin user that cannot change root password
« previous
next »
Print
Pages: [
1
]
Author
Topic: Admin user that cannot change root password (Read 2139 times)
coffeelover
Newbie
Posts: 6
Karma: 0
Admin user that cannot change root password
«
on:
August 30, 2021, 06:52:17 pm »
Hi all, I'm a new opnsense user so, please, don't blame me too much if this is a silly question! I would like to have an admin user with limited powers, in the sense that it should not be able to add users or change passwords of other users. I tried to create the user removing the privileges "GUI System: User Manager" and "GUI System: User Manager: Add Privileges", but it seems to me that it keeps the right to change root's password.
Is there something I am missing? Many thanks for your support
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Admin user that cannot change root password
«
Reply #1 on:
August 30, 2021, 07:51:48 pm »
Hi there,
It should be as straight-forward as you described. Where exactly do you mean the admin can override the root password? Page URL and/or steps to reproduce.
Cheers,
Franco
Logged
coffeelover
Newbie
Posts: 6
Karma: 0
Re: Admin user that cannot change root password
«
Reply #2 on:
September 01, 2021, 12:19:41 am »
Hi Franco and thanks for you interest: what I do is simply to create a new user and select for it all the privileges BUT the two I just mentioned. Then, the user can simply go into the System:Access:Users and do whatever she wants (e.g. change root password and privileges).
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Admin user that cannot change root password
«
Reply #3 on:
September 01, 2021, 08:15:20 am »
Ok, well, access to user accounts management inherently makes those users capable of creating admins and naturally also changing the passwords of other admins. There is no strict hierarchy at play here that "forbids" this and in most work life admin situations you will have to trust your admins with the access you give them.
Cheers,
Franco
Logged
coffeelover
Newbie
Posts: 6
Karma: 0
Re: Admin user that cannot change root password
«
Reply #4 on:
September 01, 2021, 10:07:00 am »
Hi Franco, thanks for your answer. I see your point, however there is still another issue: I gave another try with the privileges and removed the "GUI:All pages". Now the user cannot access the System:Access:User page (as expected) but also the Lobby:Password page is removed from the menu. Is this the intended behavior? In this way the user, simply, cannot change her OWN password!
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Admin user that cannot change root password
«
Reply #5 on:
September 01, 2021, 01:52:41 pm »
There are use cases that require this, for everyone else just add:
System: User Password Manager
Cheers,
Franco
Logged
coffeelover
Newbie
Posts: 6
Karma: 0
Re: Admin user that cannot change root password
«
Reply #6 on:
September 01, 2021, 11:37:45 pm »
Dear Franco: you are the best. Thanks SO much.
Best
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Admin user that cannot change root password