Cockpit Admin Permissions

Problem Description
In Cockpit, the initial admin user created at FBX startup, isn’t listed under accounts, and doesn’t seem to have admin privileges. It cannot alter the existing accounts, cannot format or set up raid in storage, and appears to not be able to run software updates - “Failed to obtain authentication” (updates can be run through plinth or terminal). On the Plinth side, the user has ALL the groups and privileges.

Steps to Reproduce

  1. Login to FreedomBox
  2. Go to Cockpit > Accounts
  3. Try to edit (add or remove) accounts

Expected Results

  1. Expect to see all users (at least the main admin) listed.
  2. Expect to be able to edit (add/remove) accounts

Actual results
Screen popup/infotext stating “The user xxx is not permitted to modify accounts”
To be certain, in terminal I added the user to the sudo group, but this didn’t change anything.

Screenshot

Information

  • FreedomBox version:
    You are running Debian GNU/Linux 10 (buster) and FreedomBox version 20.12.1. FreedomBox is up to date.

  • Hardware: Olimex Pioneer

  • How did you install FreedomBox?: Relatively fresh (3 days) flash of latest stable pioneer image.

Hi, thanks for your report. I don’t have a solution, but maybe some pointers that may help.

It sounds like it could be related to that the freedombox configuration interface (manager) is itself not using the LDAP database that it sets up internally.

And similarly, the LDAP accounts also differ from the debian defaults.

1 Like

Thanks for the help. I’ll look into :smiley:

When logging in to cockpit, one needs to check the little box to use password for other elevated privileges. :roll_eyes:

I dont normally check boxes unless I know what they mean. This seems like an unusually obscure security feature. Does anyone know why it is implemented like that?

Im going to see if I can add to thevwiki today to clarify it.