Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Add password for initial configuration

Add password for initial configuration

Scheduled Pinned Locked Moved Solved Feature Requests
11 Posts 4 Posters 2.8k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by girish
    #2

    We actually implemented this a couple of releases ago. If you run cloudron-setup --generate-setup-token, it will create a setup token which is saved in /etc/cloudron/SETUP_TOKEN . At the end of setup script, it will also display the token.

    ruihildtR 1 Reply Last reply
    4
    • girishG Offline
      girishG Offline
      girish
      Staff
      wrote on last edited by
      #3

      I updated https://docs.cloudron.io/installation/

      1 Reply Last reply
      4
      • girishG girish

        We actually implemented this a couple of releases ago. If you run cloudron-setup --generate-setup-token, it will create a setup token which is saved in /etc/cloudron/SETUP_TOKEN . At the end of setup script, it will also display the token.

        ruihildtR Offline
        ruihildtR Offline
        ruihildt
        wrote on last edited by
        #4

        @girish Wouldn't it be better if this was the default for new installations, and then have the flag for disabling it?

        nebulonN 1 Reply Last reply
        3
        • ruihildtR ruihildt

          @girish Wouldn't it be better if this was the default for new installations, and then have the flag for disabling it?

          nebulonN Away
          nebulonN Away
          nebulon
          Staff
          wrote on last edited by
          #5

          @ruihildt I guess that is a bit of a trade-off between usability and real threat. Generally an attacker would have to get the time window right, know the ip address and then will be able to setup the Cloudron. However to actually then also modify the code to let the normal user believe nothing the system is untampered with, he/she needs to have SSH access, which the dashboard does not give as such. So further an attacker would need to know a security hole in Cloudron components.

          Overall from my current perspective, that risk is quite low. Does anyone else have a different idea how to exploit this?

          mehdiM 1 Reply Last reply
          1
          • nebulonN nebulon

            @ruihildt I guess that is a bit of a trade-off between usability and real threat. Generally an attacker would have to get the time window right, know the ip address and then will be able to setup the Cloudron. However to actually then also modify the code to let the normal user believe nothing the system is untampered with, he/she needs to have SSH access, which the dashboard does not give as such. So further an attacker would need to know a security hole in Cloudron components.

            Overall from my current perspective, that risk is quite low. Does anyone else have a different idea how to exploit this?

            mehdiM Offline
            mehdiM Offline
            mehdi
            App Dev
            wrote on last edited by
            #6

            @nebulon No SSH access needed, an attacker could just use the Volumes feature to get write access to the cloudron code folder, and be able to do whatever they want.

            nebulonN 1 Reply Last reply
            0
            • mehdiM mehdi

              @nebulon No SSH access needed, an attacker could just use the Volumes feature to get write access to the cloudron code folder, and be able to do whatever they want.

              nebulonN Away
              nebulonN Away
              nebulon
              Staff
              wrote on last edited by
              #7

              @mehdi interesting idea. The volumes however only allow to configure /mnt, /media, /opt or /srv for the filesystem type.

              1 Reply Last reply
              1
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #8

                Yeah, the volumes logic specifically prevents mounting random things when using the "unmanaged" mounts (i.e things which Cloudron does not mount and manage itself) - https://git.cloudron.io/cloudron/box/-/blob/master/src/volumes.js#L52

                1 Reply Last reply
                0
                • mehdiM Offline
                  mehdiM Offline
                  mehdi
                  App Dev
                  wrote on last edited by
                  #9

                  OK, my bad about volumes, but I believe the Cloudron dashboard was not designed with the goal of defending against an admin constantly in mind. So it is safe to assume that there are probably bypasses lurking somewhere, maybe in the docker addon, maybe in the backups stuff ... in any case, I believe that having this as default would be a minor inconvenience, with a non-negligible security benefit.

                  ruihildtR 1 Reply Last reply
                  3
                  • mehdiM mehdi

                    OK, my bad about volumes, but I believe the Cloudron dashboard was not designed with the goal of defending against an admin constantly in mind. So it is safe to assume that there are probably bypasses lurking somewhere, maybe in the docker addon, maybe in the backups stuff ... in any case, I believe that having this as default would be a minor inconvenience, with a non-negligible security benefit.

                    ruihildtR Offline
                    ruihildtR Offline
                    ruihildt
                    wrote on last edited by
                    #10

                    @mehdi This is exactly what I'm most worried about, the unknown unknowns, and it seems here the added friction is negligible: copying the token from the command line to the webbrowser.

                    ruihildtR 1 Reply Last reply
                    1
                    • ruihildtR ruihildt

                      @mehdi This is exactly what I'm most worried about, the unknown unknowns, and it seems here the added friction is negligible: copying the token from the command line to the webbrowser.

                      ruihildtR Offline
                      ruihildtR Offline
                      ruihildt
                      wrote on last edited by
                      #11

                      As you probably have access to the IP of the server, you could simply display a link once the setup is complete in the CLI:

                      https://<IP>?<token>
                      

                      So not even copy/paste needed for most.^^

                      1 Reply Last reply
                      3
                      • rmdesR rmdes referenced this topic on
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                      • Login

                      • Don't have an account? Register

                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • Bookmarks
                      • Search