Default admin user account handling plan #4575
Admin/MetaComments
|
A lot of projects don't create a default account at all, and on first use (opening the interface) it asks for the username and password of the first admin user. This may help with as there will not be any well-known default credentials. Is the admin user required to be present before the interface can be shown to the user? |
|
@My-Random-Thoughts Thanks, I have thought about some initiation thing, but the process introduces extra process and another potential security consideration, and I'd likely still get complaints about the potential of access by others during that initial setup process. Therefore I thought I'd for for the simplest direct solution, of building on the command we already have. Maybe we could have both though to ease UX, and do something like deploy a setup interface/script upon command, so it could be built into deployment workflows where desired or not. I'll have a think about options. |
|
I do like the idea of a initial configuration flow, I've seen it on several other applications. If it is that critical that no one else is able to get to that first launch page before the intended user, maybe that instance shouldn't be exposed to the internet yet. Agreed on added complexity though, maybe a future enhancement after the initial implementation? Another option I'd like to see, and maybe this is just something that could be provided by the Linuxserver Docker team, would be setting the initial admin account email/password via environment variables. Also, this may be a separate topic, though it is somewhat related to first time configuration, but an annoyance I had when setting up the instance at my job, was having to do that weird thing where you login with the admin account and then enable SSO login so that you are able to set the external ID of the Admin role. It would be nice to also have that exposed as a config/env option. |
@aswgxf Yeah, it is a bit of an awkward juggle of auth. I'm not a fan of adding options for minor bits like that, but I'm planning to work on the user forms soon so will keep that in mind and may re-think how this field is shown and accessed. |
Yeah, this is exactly the kind of thing that I envision could be done by external/setup teams, to suit the method of running/setup/hosting. As long as we provide the tools to make that possible, simple and stable/supported. |
|
Hello! I'd like to suggest one things, related to the You could potentially go even farther, with environment variables like Even if Bookstack doesn't support passing those via environment variables, I could see folks like the Linuxserver team implementing something similar themselves. It would allow folks using Docker Compose (or the like) to spin up a Bookstack instance with only environment variables. |
|
@akkornel Thanks for the input. I don't want to go too far with supporting variables for options, as long as those kinds of things are possible externally where desired. That way things remain flexible to how that hosting/setup project way want to name or manage things. |
This issue lays out the plan to change the way that the default admin access is granted on new instances.
Currently, a default admin account is created via migrations with the "admin@admin.com" email, and
passwordpassword.There are two main goals of this change:
admin@admin.comemail address.While we could make changes easily and directly just thinking about BookStack itself, we need to think about the ways BookStack is hosted/provided to ensure we don't break the setup/install flows in various use-cases.
Plan
Over a range of feature releases we'll make changes to work toward this incrementally.
create-admincommand.There probably should be a couple of feature releases' worth of time between 1 and 3.
Create admin command changes
To provide options, and potentially seamless routes to handle these changes, we'll update the
create-admincommand with extra options:--first-admin: This option will create the admin user, only if there are no pre-existing admin users in the system. If there's only the default admin account (admin@admin.comwith default password), this will instead update that account with the provided details. If this does not result in an admin account being created/updated, this will return an error status code so the caller can acknowledge if the account can be used.--generate-password: This option will generate a random password for the user and return it via stdout on the command line. This should be the only output when this option is used.With the
--first-adminoption added, setup providers can migrate to using this option after it's released, but before default user creation is removed, so a seamless transition can be achieved. You could even use the existing default credentials to switch to the new system without any user-facing change (could help simply or delay changes but not advisable since won't help toward main goals). The behaviour of this option means it can be ran via init scripts, without needing to query BookStack, or the environment, first to see if this is a fresh system without a (or with default) admin user.The password gen option, combined with the first admin option, can open some options to providers to help migrate to a more secure setup.
Official guidance/script changes
On the official side of things, we'll need to:
We can update our scripts after the initial addition of the command options.
These can then be used as an example for others to update their scripts/setups with.
Setup Providers to Notify
We'll need to notify these folks when the time comes (After commands have been implemented).
This list will be used for tracking when the time comes.
Please don't notify these projects/groups/people yet!
If I've missed a BookStack hosting provider/project, please let me know via a comment below.
Questionables
The text was updated successfully, but these errors were encountered: