Passwordless user account

  • Is it possible to create passwordless user accounts? I want to create a user for backups over SSH, and I want it to log in only with private key authentication. I have no need or desire for it to log into openmediavault web gui either.


    Is this possible, or must all accounts have passwords?

    • Official post

    Is it possible to create passwordless user accounts?

    Not from the web interface. You can use useradd from the command line and if you never set a password, it won't have one. If you already created the user, just execute the following command as root: passwd --delete USERNAME

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Not from the web interface. You can use useradd from the command line and if you never set a password, it won't have one. If you already created the user, just execute the following command as root: passwd --delete USERNAME

    Excellent. passwd --delete USERNAME worked perfectly and the user can no longer log into the web gui. The other situation I can think of where a password would be used is for "sudo" but since I want to limit the capabilities of this account to making backups, I have made sure it is not in the sudo group.


    Are there potential issues to be aware of with setting accounts to be passwordless?

    • Official post

    The other situation I can think of where a password would be used is for "sudo" but since I want to limit the capabilities of this account to making backups, I have made sure it is not in the sudo group.

    You can always create sudoers rules with NOPASSWD if needed.


    Are there potential issues to be aware of with setting accounts to be passwordless?

    Nope. It is safer than having a password.

  • What about SMB/CIFS shares that require username/password for access?


    I tested with a user with its account password deleted, and the SMB/CIFS share still required credentials (expected)... and accepted the "deleted" account password. How/where is this password stored and managed?

    • Official post

    What about SMB/CIFS shares that require username/password for access?

    Technically, it is possible to set a password for a user for samba but not have a system password. But this would be a pain in the ass and not possible with the web interface. I would recommend using a different username for shell access (like USERNAMEADMIN or USERNAMEBACKUP) and use the regular username with a password but no login for samba. The only thing in that situation that you can't do is remove the password but that is simple.


    How/where is this password stored and managed?

    OMV uses the standard Linux place - /etc/shadow - but that is an encrypted password hash and you don't want to start modifying that.


  • I would recommend using a different username for shell access (like USERNAMEADMIN or USERNAMEBACKUP) and use the regular username with a password but no login for samba.

    Do you mean using two different accounts named similarly (USERNAME for samba and USERNAMEADMIN for logging in if necessary)? And is no login for samba achieved by selecting /usr/sbin/nologin or /bin/false for that account's shell?

    • Official post

    Do you mean using two different accounts named similarly (USERNAME for samba and USERNAMEADMIN for logging in if necessary)?

    Yep.


    And is no login for samba achieved by selecting /usr/sbin/nologin or /bin/false for that account's shell?

    Yep.

  • It's still worth noting that passwd --delete USERNAME did not also remove the samba password.


    samba's passwords seem to be stored in /var/lib/samba/private/passdb.tdb and tdbdump /var/lib/samba/private/passdb.tdb shows that the system account user with its password deleted still has an entry in this file.


    In case it's helpful, /etc/samba/smb.conf contains the following settings relating to passwords:


    Code
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = no
    unix password sync = no
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes

    The smbpasswd command seems to be the way to change samba passwords (or disable with -d), but I don't know what consequences this could have on OMV.
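
Added example, not part of any post in this thread: a POSIX shell check covering the two separate credential stores discussed above. It classifies each account's /etc/shadow password field (empty, which is what passwd --delete leaves; locked; or hashed) and reports whether the same name still appears in Samba's user list. The function names and the sample accounts are assumptions made for the example.

```sh
#!/bin/sh
# Added example. All account data below is constructed sample data.
# On a real system (as root): pdbedit -L > smbusers; audit_accounts /etc/shadow smbusers

# Classify the second field of a shadow(5) entry.
classify_shadow_field() {
    case "$1" in
        "")          echo "empty"  ;;  # no password required (left by passwd --delete)
        '!'*|'*'*)   echo "locked" ;;  # no password can ever match
        *)           echo "hashed" ;;  # a password hash is set
    esac
}

# audit_accounts SHADOW_FILE SAMBA_LIST
# SAMBA_LIST is in "pdbedit -L" format: username:uid:full name
audit_accounts() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        state=$(classify_shadow_field "$field")
        if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$2"; then
            samba=yes
        else
            samba=no
        fi
        echo "$user shadow=$state samba=$samba"
    done < "$1"
}

demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/shadow" <<'EOF'
alice:$y$j9T$CONSTRUCTED$HASHVALUE:19800:0:99999:7:::
backup::19800:0:99999:7:::
svc:!:19800:0:99999:7:::
EOF
    cat > "$tmp/smbusers" <<'EOF'
alice:1000:Alice
backup:1001:Backup user
EOF
    audit_accounts "$tmp/shadow" "$tmp/smbusers"
    rm -rf "$tmp"
}

demo
```

An account reported as shadow=empty samba=yes is in the state described in this thread: the system password is gone, but the Samba credential is still valid.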

    • Official post

    I don't know what consequences this could have on OMV.

    None. If you create the user with useradd, it won't add a samba password. Although, having a samba password doesn't mean the user has access to samba shares. Unless you give guest access, the user would have to have permission to access share(s).


  • If you create the user with useradd, it won't add a samba password.

    I'm still using the OMV gui for creating users. useradd was used just for making the account passwordless, but it does not change/remove the samba password.


    As far as I can tell, the OMV gui does not have a way to manage samba users or passwords.

    • Official post

    As far as I can tell, the OMV gui does not have a way to manage samba users or passwords.

    Not independently anyway. Your use case is the first I have seen used on OMV. I would really use the command line if you are worried about it.

