Root login ssh, HTTP only, bin/bash confusion - First Impressions installing OMV7

Hi,

I recently came back to OMV after a long break, and want to capture my first impressions here, in case they are useful user feedback. I'm also hopeful to learn why things are the way they are.

Things that bothered me when I installed OMV:

1. Root login to SSH by default.

I understand that some people like to keep root accounts on debian for admin purposes. I'm more comfortable creating a sudoer admin instead, and disable SSH root login, but this ends up being difficult. Maybe someday there could be an option in the installer to disable the root user and create an admin user instead?

2. Webadmin is HTTP only

Following the installation instructions over at https://docs.openmediavault.or…t/installation/index.html, I "type in the IP address" or in my case, the hostname.localdomain I setup in the installation. Unfortunately, this takes me to an HTTP page (Not HTTPS). My browser, firefox, warns me that anything I type in here is insecure, when I try to change the admin password away from the default 'openmediavault'. Not a great User Experience, although I understand that this hopefully is not dangerous if I can trust the security of my LAN. Maybe someday HTTPS can be default.

3. To create a new user for SSH login that uses /bin/bash which I am most familiar with, I have to know the difference between /bin/bash and /usr/bin/bash ?

- According to my research, /bin/bash should be preferred, since /usr/bin/bash should link to it on debian. But I am wondering why it is an option to select /usr/bin/bash? It is pretty confusing for me, a regular person jumping from being a desktop linux user to a OMV admin.

3.5 To create a new user for SSH login, I also have to know about "enable user home directories" and where to put it.

Shouldn't it just create /home/<username> unless you want it to not have a home directory? I am going to have to research what to put here before I can disable SSH root login.

4. Error when Updating Packages.

I notice a notification bell that tells me I can upgrade packages. Since I've just newly installed, that's probably a good idea, so I try. But I get a 500 - Internal Server Error The package archive is held by another process. Please try again later. Can this be improved?

5. Why can't the name of the default 'admin' webadmin user be changed?

I understand that if OMV is not accessible to the internet, the risk of someone trying to brute-force logins with "admin" and various passwords is low. But why isn't it possible to change the admin user name so that someone trying to login would have to guess the admin user name as well?

---

Anyway, that is what I've noticed so far. Hope it is helpful to say these things and if anyone knows the reason why things are this way, I would be curious to know as well.

I really do love this software, and the community forum. It makes a big difference.

Thanks!

Thanks for your response.

1. Seems like it should be easy, but the other points have made it difficult.

2. SSL/HTTPS I did find this and enable it eventually, even though my main goal was to change the admin password, I did this first to get rid of the "insecure" warning first.

3. I am somewhat stuck on this part. I successfully created the user, added them to _ssh and sudo, and added the public key. But the user does not have a directory in /home. When I try enabling this in "Users>Settings" it won't let me select /home, it asks me to have a shared folder. How do I get it to just make the directory in /home and not share it?

4. I think this was a bug, but not sure how to reproduce it. I did copy the error message and post it here. It said, "500 - Internal Server Error The package archive is held by another process. Please try again later." It hasn't bothered me since.

Thanks again! And let me know if you have any insight about /home/<username>

Quote from gderf

You could just create new users the old fashioned way in the shell using the adduser command.

I am still unsure which things to do "the old fashioned way" with the CLI, and which things will get overwritten by the webui, so I've been trying to follow the manuals and do things "the OMV way."

The manuals said to create a new user in the webui, and add it to the sudo and _ssh group. If instead I use `adduser` and the CLI tools to create a sudo/ssh user with a home directory, am I correct in assuming the OMV webui system will not know about this user. And will that be a problem?

I think I solved it by running mkhomedir_helper <username> as root. Now the ssh/sudo user has .bash_logout, .bashrc, and .profile, and I can use /home/username as expected. Via linuxhandbook.com.

Quote from KM0201

You need to create a Home Directory, then set it in the User Management settings. Note you'll have to delete/recreate your user to give it a home folder in the new Home you created. You also may want to make sure you're putting said user in the proper shell (/bin/bash).

I tried to do this, but I couldn't find a way to create a directory in the User Management settings without making it a "shared directory." I didn't want to make a shared directory, just a /home/ directory on the OS disk for the _ssh/sudo user. I did make sure it was set to `/bin/bash` though, and not `/usr/bin/bash`. Do you know why the latter is an option available?

Hey votev, thanks for your post. Overall I am very happy with OMV and hope I can help contribute to the documentation as you suggested.

1. I agree, the documentation does say that Root Login SSH should be disabled right away, at the end of the Installation section. I assume this means right after you setup a separate SSH admin user, if you intend to use SSH at all, and verify SSH access. Maybe I can add a sentence to the docs to make that more clear. (I'll make a separate github thing).

2. Agreed. It was pretty easy once I found it! Just had to make the self-signed certificate and select it.

3. Glad it's fixed!!

4. I am still not sure the "correct" way to do this -- the workflow I found was to create the user in the WebUI, and then login as root and run mkhomedir_helper <username> as root. The webui wanted me to create a shared directory.

(Fig 1. Location Field is Required. Using the (+) asks you to discard changes, and take you to Figure 2. )

(Fig 2. Asks you to select the file system on which the Shared Folder [my emphasis] is to be created. The File System field is empty -- it won't let me choose the OS drive, and it shouldn't, because this is for a shared folder. But I just want to enable /home on the OS drive.

For contributing to the documentation, should I add the mkhomedir_helper <username> command? Or is there something in the webui I'm missing?

4. That makes sense -- just bad luck on my part. Not a great experience but not the end of the world either.

5. I'll try changing this as gderf suggested. Glad it is possible these days.

Thanks again!