Per domain user subscription and admin role
-
@jdaviescoates Yep, this would be really useful. I have some friends who want to host their website on my site but I don't want to give them full admin roles.
@cyberfreakde you can already do it using the existing groups and roles, you just have to remember to do it for each app
-
@jdaviescoates Yep, this would be really useful. I have some friends who want to host their website on my site but I don't want to give them full admin roles.
@cyberfreakde Right, as @jdaviescoates set, just create a "website" group with just the users and then set the group as the permission in the app's Access control view. The important thing to remember is that the "default" Access is accessible to all. So you have to go into each app and make sure it's not accessible to all. Another thing is that Cloudron "admin" always has access to all apps.
-
@cyberfreakde Right, as @jdaviescoates set, just create a "website" group with just the users and then set the group as the permission in the app's Access control view. The important thing to remember is that the "default" Access is accessible to all. So you have to go into each app and make sure it's not accessible to all. Another thing is that Cloudron "admin" always has access to all apps.
-
@girish How can I give them access to ftp without them being admin? Is it possible?
@cyberfreakde Yes, in Cloudron 6, there is an option - https://docs.cloudron.io/apps/#non-admin-access . The SFTP access info is not displayed for normal users currently (which can be considered a bug). But they should be able to login with
username@app.domain.comand their cloudron password (sftp port 222). -
@cyberfreakde Yes, in Cloudron 6, there is an option - https://docs.cloudron.io/apps/#non-admin-access . The SFTP access info is not displayed for normal users currently (which can be considered a bug). But they should be able to login with
username@app.domain.comand their cloudron password (sftp port 222).@girish Wow, Thanks! This is perfect. Somehow flew over it while reading the docs.
-
@cyberfreakde you can already do it using the existing groups and roles, you just have to remember to do it for each app
@jdaviescoates @cyberfreakde
you can also set up a WP instance with all the groups configured as you need them, then just clone it for new sites and drop in users as needed. Config once, clone many. -
@jdaviescoates @cyberfreakde
you can also set up a WP instance with all the groups configured as you need them, then just clone it for new sites and drop in users as needed. Config once, clone many.@robi My friend wrote his own website so I have to use LAMP.
-
@jdaviescoates @cyberfreakde
you can also set up a WP instance with all the groups configured as you need them, then just clone it for new sites and drop in users as needed. Config once, clone many. -
@robi thanks, but I can't really imagine when I'd want/ need loads of different WP sites with the same groups. The issue here it to be able to quickly add the same group to lots of different apps.
@jdaviescoates Yeah, for that we need a group dropdown to select all the different apps.
-
@jdaviescoates Yeah, for that we need a group dropdown to select all the different apps.
I'm not sure why this has been marked as solved. Aside from all the groups stuff I'd still really like to be able to make people admins for a specific domain.
Like, right now I'm working with @thetomester13 on selfhost.cloud stuff and whilst I've created a related group and given him access to relevant apps, I can't add him as an admin because then he'd have access to all my other stuff too.
But it'd be really handy if he were an admin for all selfhost.cloud stuff so he doesn't have to ask me to restart apps, increase memory for apps etc etc.
-
I'm not sure why this has been marked as solved. Aside from all the groups stuff I'd still really like to be able to make people admins for a specific domain.
Like, right now I'm working with @thetomester13 on selfhost.cloud stuff and whilst I've created a related group and given him access to relevant apps, I can't add him as an admin because then he'd have access to all my other stuff too.
But it'd be really handy if he were an admin for all selfhost.cloud stuff so he doesn't have to ask me to restart apps, increase memory for apps etc etc.
@jdaviescoates Maybe group admins would be easier to do.
-
@jdaviescoates Maybe group admins would be easier to do.
I've asked for that a few times over the years: I would image a group-admin role for a user (who can have one or multiple domains). That group-admin can do all the stuff a regular admin can do, but only for the domains they're assigned to.
A second request was something like a user/app limit per domain (set by the superadmin), so that the group-admin and/or group-manager couldn't add more than 5/10/xx people/apps, so they don't trash the place and keep their resources in check.
This scenario would be for bigger servers that host multiple tenants which shouldn't see the stuff of the other users but can still operate independently.
-
@jdaviescoates Maybe group admins would be easier to do.
@robi I don't mind how it's done, so long as I could make people admins for certain apps and not all of them
-
Erm, separate Cloudron instances perhaps?
Web Design https://www.evergreen.je
Development https://brandlight.org
Life https://marcusquinn.com -
Erm, separate Cloudron instances perhaps?
@marcusquinn yeah, that's probably what we'll end up doing. Just trying to bootstrap and avoid the cost of another VPS even though Hetzner are so affordable (I've got so many credits for referring people that the cost of another Cloudron sub isn't an issue right now, although of course often that'd be more than the VPS itself)
-
@marcusquinn yeah, that's probably what we'll end up doing. Just trying to bootstrap and avoid the cost of another VPS even though Hetzner are so affordable (I've got so many credits for referring people that the cost of another Cloudron sub isn't an issue right now, although of course often that'd be more than the VPS itself)
@jdaviescoates I guess depends on the cost-benefit and I don't know enough of your use-case. Personally, I'd more comfortable containing clients by VPS. Overall, it's still a lotta bang for bucks and no more than a Spotify subscription or similar.
I guess if you're doing front-line support you could try haggling for a volume discount on the Cloudron side and those little Hetzner VPSs are pretty mighty eh!
-
Cloudron is currently not designed for shared hosting style setups where "groups" of users can be totally isolated from one another. It's possible to make it like that, but I do think VM level isolation is the more modern and secure way of isolating organizations. If we are to do this, we have to re-think how all the features work in the context of shared setups.
-
Cloudron is currently not designed for shared hosting style setups where "groups" of users can be totally isolated from one another. It's possible to make it like that, but I do think VM level isolation is the more modern and secure way of isolating organizations. If we are to do this, we have to re-think how all the features work in the context of shared setups.
@girish said in Per domain user subscription and admin role:
I do think VM level isolation is the more modern and secure way of isolating organizations
As @avatar1024 has also highlighted, there is very often the need to isolate different groups of people working on different projects within the same organisation.
Indeed, aside from very small totally horizontal worker co-ops where everyone had access to everything I can't really think of any examples of organisations where this wouldn't be a common need.
-
@girish said in Per domain user subscription and admin role:
I do think VM level isolation is the more modern and secure way of isolating organizations
As @avatar1024 has also highlighted, there is very often the need to isolate different groups of people working on different projects within the same organisation.
Indeed, aside from very small totally horizontal worker co-ops where everyone had access to everything I can't really think of any examples of organisations where this wouldn't be a common need.
@jdaviescoates said in Per domain user subscription and admin role:
As @avatar1024 has also highlighted, there is very often the need to isolate different groups of people working on different projects within the same organisation.
I think I may have not understood the requirements then. Don't cloudron groups offer a way to isolate groups under same org? The original request was domain level isolation. Is that common?
-
@jdaviescoates said in Per domain user subscription and admin role:
As @avatar1024 has also highlighted, there is very often the need to isolate different groups of people working on different projects within the same organisation.
I think I may have not understood the requirements then. Don't cloudron groups offer a way to isolate groups under same org? The original request was domain level isolation. Is that common?
