create admin account #7

Open
opened 2021-01-31 22:55:31 +01:00 by schmittlauch · 1 comment
Owner

For creating the initial admin account, the database needs to be edited, see https://github.com/haiwen/seafile-server/blob/v8.0.2-server/scripts/setup-seafile-mysql.py#L528 :

sql = '''REPLACE INTO EmailUser(email, passwd, is_staff, is_active, ctime) VALUES ('%s', '%s', 1, 1, 0)''' % (seahub_config.admin_email, seahub_config.hashed_admin_password())

where hashed_admin_password currently returns the SHA1 password hash (unsalted).

There are 2 options on how to do that:

  • include adminEmail and adminPasswordHash into the NixOS module options and execute the SQL REPLACE at each service start
    • maybe adminPasswordHashFile is a better idea as unsalted SHA1s are not that super secure
    • if unset, the build shall fail (via assert) and provide help on how to generate the pw hash
  • provide a script/command to statefully execute the admin account creation just a single time
Author
Owner

decision:

  • adminPasswordSHA1File, read during pre-start script
  • passed as argument to python script that executes the SQL replacement of credentials at each start
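A sketch of the decided approach, as an added example that is not code from this repository or from Seafile: a pre-start helper reads the SHA1 hash file, validates it, and re-applies the admin row with a parameterized `REPLACE` instead of `%` string formatting. Assumptions: an in-memory sqlite3 database stands in for Seafile's MySQL database, the schema (with a unique `email`), the function names, the file name and the sample passwords are constructed for the demonstration.

```python
import hashlib
import os
import re
import sqlite3
import tempfile
from pathlib import Path

SHA1_HEX = re.compile(r"[0-9a-f]{40}")

def read_sha1_file(path):
    """Return the digest stored in path, rejecting anything but a bare SHA1 hex string."""
    # An unsalted SHA1 is cheap to brute-force, so the file is treated like a secret.
    if os.stat(path).st_mode & 0o077:
        raise PermissionError(f"{path}: must not be accessible by group or others")
    digest = Path(path).read_text().strip().lower()
    if not SHA1_HEX.fullmatch(digest):
        raise ValueError(f"{path}: expected 40 hex characters")
    return digest

def upsert_admin(conn, email, passwd_hash):
    """Create or overwrite the admin row; idempotent, so it can run at every start."""
    # Bound parameters: the values are never parsed as SQL. sqlite3 uses '?',
    # MySQL drivers take '%s' placeholders with the values as a separate tuple.
    conn.execute(
        "REPLACE INTO EmailUser(email, passwd, is_staff, is_active, ctime) "
        "VALUES (?, ?, 1, 1, 0)",
        (email, passwd_hash),
    )
    conn.commit()

def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed stand-in schema; REPLACE relies on the UNIQUE constraint on email.
    conn.execute(
        "CREATE TABLE EmailUser(id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "email TEXT UNIQUE, passwd TEXT, is_staff INTEGER, is_active INTEGER, "
        "ctime INTEGER)"
    )
    with tempfile.TemporaryDirectory() as d:
        hash_file = Path(d) / "admin.sha1"  # hypothetical file name
        # Two simulated service starts; the hash file changes in between.
        for password in (b"constructed-old", b"constructed-new"):
            hash_file.write_text(hashlib.sha1(password).hexdigest() + "\n")
            hash_file.chmod(0o600)
            upsert_admin(conn, "admin@example.org", read_sha1_file(hash_file))
    return conn.execute(
        "SELECT email, passwd, is_staff, is_active FROM EmailUser"
    ).fetchall()

if __name__ == "__main__":
    print(demo())
```

After the second simulated start there is still a single admin row, now carrying the hash from the updated file.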
Reference: schmittlauch/nixos-seafile-overlay#7