Change logging in as root

L

Lantizia

Active Member
Jun 29, 2009
79
0
26
Hey,

As a rule of thumb on any server, even if it's local only, even if there's no ports opened to it... I always make myself another user and add it to the sudoers and disable root like this...

passwd -d -l root

Unfortunately if you remove the password from root, or lock root, or both (like the above command) Proxmox won't let you log in as root any more because it relies on authenticating against the Unix user.

Could someone tell me which file (I'm guessing in... /usr/share/pve-manager/root/system) would need to be altered so it verifies access to the Proxmox web interface via checking the password for a different username (and when changing the password for the 'Administrator' in the web interface - changes it for that new username).

And I know it'll mean tweaking with the source, and thus unsupportable, and any update could revert it... but I'm just interested in the idea from a theoretical point of view at the moment and would welcome any discussion about the pros/cons of it and if perhaps Proxmox needs better user account administration support (like adding users, or restricting access to particular machines per user etc).

Thanks
 
This is great, so in the mean time is there a way I can tweak login.pl or this nrd/LOGIN thing to check against a different username? I've seen what to change for making the change of password work in system/admin.htm
 
Lantizia said:
This is great, so in the mean time is there a way I can tweak login.pl or this nrd/LOGIN thing to check against a different username? I've seen what to change for making the change of password work in system/admin.htm
Click to expand...

see /usr/share/perl5/PVE/Utils.pm (is_valid_user())
 
OK. So i was searching for a way to change the gui login to anything else then root and found this thread. A little bit dusty, but seems to be somewhat up-to-date.
I spent about 3 hours trying to understand that function, unsuccessfully.

why can "testuser" login if it's in group "root", but not if i change "root" to "testuser's group" in "$groupname ne root" ?


to remember: This is the (apparently) interesting part:
Code: 
    # fixme: what groups are allowed?
    if ($groupname ne 'rootkid') {
        syslog ('info', "auth failed: group '$groupname' is not in the list of allowed groups");
        return undef;
    }

Any hint is welcome! :)
 
I gave up on this a while back!

But would still be cool to know - unless the feature in the roadmap is about to be imminently added.
 
Log into the host machine as root

run the command

Code: 
adduser proxadmin --gid 0

and then answer the questions.

This will allow this user to log in at the proxmox login screen. I have not tested this too much, but it allows the users to start and stop machines.

--
KCH
 
rootkid said:
Problem is:
This user would be in system's "root" group, right?
Click to expand...

Yes, this is correct. But just being in the root group is very slightly better than having them log in as root.

I am sure the code could be altered to look for something else, but if the proxmox team are looking at it already, why re-invent the wheel :)

--
KCH
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back