Circumnavigate fog user issues

  • Developer

    Trying to get all the pros and cons of changing the current setup of using fog linux user account as we have it at the moment.

    As we answer many questions just because people keep using the account and change the password I wonder what can be done to prevent from that.

    @george1421 @Wayne-Workman Just moved your other posts here so we have it together in one place and not fill up the users request on how to fix his issue. Open for discussion. :-)

  • I think changing the web UI’s default user is a good idea.

    Below are the spots that come to mind, but there are surely lots of other spots. I searched the wiki for ‘fog’ and ‘user’, the results weren’t helpful.

  • Developer

    Thanks @Wayne-Workman, I though about something along that line as well. Will give it a try to see if it has any culprits that I have not thought about yet.

    As well I am wondering if it’d be wise to change the fog web UI username, e.g. to admin. Beginners seem to get confused about those different user accounts when we ask about it in the forums. Question remains: How much of the documentation needs updating? Just from the top of my head I’d think that it’d be less than changing the Linux account name. What do you think?

  • You can disable a linux user’s ability to use a shell. Assuming the user account is called fog the command is:
    usermod -s /sbin/nologin fog
    usermod -s /usr/sbin/nologin fog

    Something more elaborate that I found on the net would look like this:

    touch /bin/nologin
    chmod 755 /bin/nologin
    echo '#!/bin/bash' > /bin/nologin
    echo 'echo The fog account should not be used for system management.' >> /bin/nologin
    echo 'echo Please create another account for system management.' >> /bin/nologin
    echo 'echo This session will end in 15 seconds' >> /bin/nologin
    echo 'echo Goodbye' >> /bin/nologin
    echo 'sleep 15' >> /bin/nologin
    echo '/bin/nologin' >> /etc/shells
    usermod -s /bin/nologin fog

    Changing the default username to something besides fog shouldn’t affect existing fog systems, since the username setting inside of /opt/fog/.fogsettings would remain in existing systems, and the username for existing storage nodes wouldn’t be touched.

    A downside is all the documentation / screenshots that would become incorrect for new installations. There is a lot of content ‘out there’ about fog.

  • Moderator

    @Wayne-Workman I agree. IMO both the webui default admin and the linux service account names should be changed. The problem is that I’ve see instructions in the past that specifically says create a linux user account called fog and use that to install the FOG environment. Hopefully when FOG 2.0 is released we can move away from some of the sins of the past.

  • Developer

    @Wayne-Workman Good point but I only think it would help if we restrict that account to not allow logins on it. Otherwise people would also use svc.fog as user account I am sure. Not sure if there is a way to disallow shell/GUI logins but still make it work using FTP?! Haven’t looked into that yet.

  • @george1421 I wish the account were named svc.fog instead of just fog… it would solve a tremendous amount of problems.