Users
The user management in openmediavault is provided by the user management of the operating system on which it is running.
However, openmediavault also maintains control over these users, so management is a team effort between the Debian operating system and the internal database of openmediavault.
Users that are managed via the web interface are so-called non-system users.
Users of this type are identified by their UID, which is in a specific range, usually between 1000 and 60000. The same applies to non-system groups that are managed via the web interface. They are identified by their GID, which is usually in the range from 1000 to 60000.
Check /etc/login.defs for more information.
The Users management section in the web interface is divided into three subsections: Settings, Users and Groups.
Users can log into the web interface to see their own profile information. The administrator can prohibit this behaviour for each user individually.
Settings
User home directory
Users are supposed to have their own private place for files, called “home”, which, depending on the type of service, automatically becomes a personal private shared location.
You can optionally select a shared folder as root for the home directories of all non-system users.
If User home directory is disabled and a new user is created, the following happens:
No home directory will be created and assigned to the user
If User home directory is enabled and a new user is created, the following happens:
A home directory will be created in the selected shared folder and assigned to the user
The “skel” templates from Debian will be applied to the new home directory
If User home directory is enabled, the following actions will be performed on existing users:
The home directory path will be updated for all existing non-system users.
The previous home directory content will NOT be moved to the new location. This has to be done manually.
If User home directory is disabled, the following actions will be performed on existing users:
The home directory will be unset for all existing non-system users.
The home directory content will NOT be deleted.
User
This page lists all non-system users and allows you to Create or Edit those users as well as their shared folder Permissions. There is also a special option that allows you to Import multiple users at once.
Create
This page is intended for creating a new user. The following form fields are available:
- Name
This must consist of numbers and letters only. It is the “username” of the login credentials and must be all lowercase to avoid confusion.
- Password
This field sets the password of the user.
- Shell
The shell is only used for remote access to interact with the server. By default the form offers the /usr/bin/sh shell, but using the /usr/bin/nologin shell is recommended to prevent local and remote console access.
- Groups
This field allows you to add users to or remove them from specific groups. Groups are the means of access for multiple users to multiple shared resources.
Some groups only affect the system (as on any Linux system), others are specific to the openmediavault system. By default all users created using the web interface are added to the users group (gid=100).
- SSH public keys
Add or remove public SSH keys for granting remote access for users.
- Disallow account modification
Prevent the user from modifying their own account information.
- Tags
Specify tags to categorize the user.
Import
Designed for bulk user creation. The user data must be entered as CSV data. An example is prepared as a comment.
The fields are the same as in the form of the Create user page.
The UID field must be numeric and must be in the range from 1000 to 60000 (check /etc/login.defs for more information).
Example data:
# <name>;<uid>;<tags>;<email>;<password>;<shell>;<group,group,...>;<disallowusermod>
user1;1001;user1;user1@myserver.com;password1;/bin/bash;sudo;1
user2;1002;user2;user2@my.com;password2;/bin/sh;;0
user3;1003;user3;user3@example.com;password3;/bin/false;;1
user4;1004;user4;user4@test.com;password4;;;1
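A pre-import check for this CSV format, as an added example that is not part of openmediavault: it applies the name and UID rules stated above and warns about shells and group memberships worth reviewing before the data is pasted into the Import dialog. The function name, the set of no-login shells, the set of privileged groups, the 0/1 rule for the last field and the Admin5 row are assumptions of this example.

```python
import re

# Rules stated on the page: names are lowercase letters and digits only,
# UIDs are numeric and between 1000 and 60000.
NAME_RE = re.compile(r"[a-z0-9]+")
UID_RE = re.compile(r"[0-9]+")
UID_MIN, UID_MAX = 1000, 60000
# Assumptions of this example, not openmediavault's own lists:
NOLOGIN_SHELLS = {"/usr/bin/nologin", "/usr/sbin/nologin", "/bin/false"}
PRIVILEGED_GROUPS = {"sudo", "openmediavault-admin"}
FIELDS = 8  # name;uid;tags;email;password;shell;groups;disallowusermod

def lint_import(csv_text):
    """Return (line_number, severity, message) findings for import data."""
    findings = []
    for lineno, raw in enumerate(csv_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or the commented header
        parts = line.split(";")
        if len(parts) != FIELDS:
            findings.append((lineno, "error", f"expected {FIELDS} fields, got {len(parts)}"))
            continue
        name, uid, _tags, _email, _password, shell, groups, usermod = parts
        if not NAME_RE.fullmatch(name):
            findings.append((lineno, "error", f"name {name!r} is not lowercase alphanumeric"))
        if not (UID_RE.fullmatch(uid) and UID_MIN <= int(uid) <= UID_MAX):
            findings.append((lineno, "error", f"uid {uid!r} outside {UID_MIN}-{UID_MAX}"))
        if shell not in NOLOGIN_SHELLS:
            findings.append((lineno, "warn", f"shell {shell!r} is not a no-login shell"))
        for group in sorted(PRIVILEGED_GROUPS & {g.strip() for g in groups.split(",")}):
            findings.append((lineno, "warn", f"member of privileged group {group}"))
        if usermod not in ("0", "1"):
            findings.append((lineno, "error", f"disallowusermod {usermod!r} is not 0 or 1"))
    return findings

# The page's example data plus one constructed row (Admin5) that breaks the rules.
SAMPLE = """\
# <name>;<uid>;<tags>;<email>;<password>;<shell>;<group,group,...>;<disallowusermod>
user1;1001;user1;user1@myserver.com;password1;/bin/bash;sudo;1
user2;1002;user2;user2@my.com;password2;/bin/sh;;0
user3;1003;user3;user3@example.com;password3;/bin/false;;1
user4;1004;user4;user4@test.com;password4;;;1
Admin5;999;;admin5@example.com;password5;/usr/bin/nologin;openmediavault-admin;1
"""

if __name__ == "__main__":
    for lineno, severity, message in lint_import(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```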
Edit
Here you can modify the user information. The fields are the same as in the form of the Create user page.
Permissions
All existing shared folders and the access rights of the user to be edited are displayed on this page. The following access rights are available:
Read/Write
Read-only
No access
These settings are used by the services to configure the access rights for the users.
Note
Please note that these settings have no effect on file system permissions.
How the permissions are stored is described further down in the shared folder section.
Group
This page lists all non-system groups and allows you to Create or Edit those groups as well as their shared folder Permissions. There is also a special option that allows you to Import multiple groups at once.
Create
This page is intended for creating a new group. The following form fields are available:
- Name
This must be only numbers and letters.
- Members
This field allows you to add users to or remove them from this group.
Import
Designed for bulk group creation. The group data must be entered as CSV data. An example is prepared as a comment.
The fields are the same as in the form of the Create group page.
The GID field must be numeric and must be in the range from 1000 to 60000 (check /etc/login.defs for more information).
Edit
Here you can modify the group information. The fields are the same as in the form of the Create group page.
Permissions
All existing shared folders and the access rights of the group to be edited are displayed on this page. The following access rights are available:
Read/Write
Read-only
No access
These settings are used by the services to configure the access rights for the groups.
Note
Please note that these settings have no effect on file system permissions.
How the permissions are stored is described further down in the shared folder section.
Technical details
When a user is created, the openmediavault backend executes useradd in non-interactive mode with all the information passed from the form fields. This command is responsible for creating an entry in /etc/passwd and a hashed password in /etc/shadow.
The openmediavault backend monitors all database changes to users to allow other services to react to these changes. This ensures, for example, that the Samba user database is updated when a user password is changed.
Attention
The user profile information (except password) is also stored in the internal openmediavault database, along with the public keys.
A non-privileged user can become a web interface administrator by adding them to the openmediavault-admin group.
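Because group membership alone grants web interface administration, it is worth reviewing periodically. The following added example (not openmediavault code) reads passwd and group file contents and reports, for every non-system user, whether the account is in openmediavault-admin and whether it has a login shell. The function names, the set of no-login shells and the sample file contents are assumptions of this example.

```python
UID_MIN, UID_MAX = 1000, 60000        # non-system range given on the page
ADMIN_GROUP = "openmediavault-admin"  # group named on the page
# Assumption of this example: shells treated as "no console access".
NOLOGIN_SHELLS = {"/usr/bin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Map user name -> (uid, gid, shell) for well-formed passwd lines."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdecimal() and f[3].isdecimal():
            users[f[0]] = (int(f[2]), int(f[3]), f[6])
    return users

def group_members(group_text, users, group_name):
    """Members listed in the group file plus users whose primary GID matches."""
    members = set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) == 4 and f[0] == group_name and f[2].isdecimal():
            members.update(m for m in f[3].split(",") if m)
            members.update(n for n, u in users.items() if u[1] == int(f[2]))
    return members

def audit(passwd_text, group_text):
    """Report every non-system user with web-admin and login-shell status."""
    users = parse_passwd(passwd_text)
    admins = group_members(group_text, users, ADMIN_GROUP)
    return [
        {"user": name, "web_admin": name in admins,
         "login_shell": shell not in NOLOGIN_SHELLS}
        for name, (uid, _gid, shell) in sorted(users.items())
        if UID_MIN <= uid <= UID_MAX
    ]

# Constructed sample files; the GID 990 is made up for the example.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:100::/srv/homes/alice:/usr/bin/nologin
bob:x:1001:100::/srv/homes/bob:/usr/bin/sh
"""
GROUP = "users:x:100:\nopenmediavault-admin:x:990:bob\n"

if __name__ == "__main__":
    for row in audit(PASSWD, GROUP):
        print(row)
```

On a live system the two arguments would be the contents of /etc/passwd and /etc/group.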
Manual management
If a user is created via the web interface, no corresponding group with the name of the user is created.
A user created in a terminal with the useradd command will not be in the openmediavault internal database. This causes trouble with some services, for example Samba, as there is no user/password entry in the tdbsam database of Samba.
To synchronize users or groups that have not been created in the web interface, simply perform an Edit action and change the password or membership.