Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Disable Cloudron user login

    YOURLS
    4
    11
    576
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rosano
      rosano last edited by

      I was trying to avoid using the Cloudron user to sign into YOURLS so I set the Access Control to an empty group with no users. After restarting the app it seems that it still signs in with the Cloudron admin user. How can I disable this?

      I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

      jdaviescoates girish 2 Replies Last reply Reply Quote 0
      • jdaviescoates
        jdaviescoates @rosano last edited by

        @rosano it sounds like perhaps you should re-install YOURLS but using the "Leave user management to the app" option.

        Leave_user_management_to_the_app.png

        I think that would mean your Cloudron users (including Admin) wouldn't be able to login with their Cloudron credentials.

        Other options would be

        1. ensure you've got 2FA turned for your Cloudron Admin account (so it can't be brute forced), and/ or
        2. make your Cloudron Admin password insanely long and secure (and use the Vaultwarden app to remember it).

        I use Cloudron with Gandi & Hetzner

        rosano 1 Reply Last reply Reply Quote 2
        • jdaviescoates
          jdaviescoates @rosano last edited by

          @rosano Cloudron Admin users can always login to all app (if they have LDAP integration enabled).

          Perhaps just make another user with less permissions for accessing YOURLS if you're concerned?

          See also App Passwords in the docs:

          https://docs.cloudron.io/profile/#app-passwords

          That may be exactly what you are looking for 🙂

          I use Cloudron with Gandi & Hetzner

          rosano 1 Reply Last reply Reply Quote 1
          • rosano
            rosano @jdaviescoates last edited by rosano

            @jdaviescoates The "App Passwords" is a pretty amazing feature, didn't know about that. I tried it and it works well, but it's still possible to login with the main account. I guess I worry that if someone can brute force guess the main account via one app, then it compromises all the apps…

            jdaviescoates 1 Reply Last reply Reply Quote 1
            • jdaviescoates
              jdaviescoates @rosano last edited by

              @rosano it sounds like perhaps you should re-install YOURLS but using the "Leave user management to the app" option.

              Leave_user_management_to_the_app.png

              I think that would mean your Cloudron users (including Admin) wouldn't be able to login with their Cloudron credentials.

              Other options would be

              1. ensure you've got 2FA turned for your Cloudron Admin account (so it can't be brute forced), and/ or
              2. make your Cloudron Admin password insanely long and secure (and use the Vaultwarden app to remember it).

              I use Cloudron with Gandi & Hetzner

              rosano 1 Reply Last reply Reply Quote 2
              • rosano
                rosano @jdaviescoates last edited by

                @jdaviescoates Makes sense, I forgot about that option.

                It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                Invalid configuration for YOURLS LDAP plugin. Check PHP error log.

                Maybe it's copying the Access Control settings for the app?

                jdaviescoates girish 2 Replies Last reply Reply Quote 1
                • jdaviescoates
                  jdaviescoates @rosano last edited by

                  @rosano sounds like it. I'm not sure on the best approach to do this but perhaps @Staff could help? 🙂

                  I use Cloudron with Gandi & Hetzner

                  1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @rosano last edited by

                    @rosano said in Disable Cloudron user login:

                    I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

                    What we do to mitigate this is to enable 2FA inside each app wherever applicable. Cloudron dashboard also has 2FA, of course.

                    1 Reply Last reply Reply Quote 0
                    • girish
                      girish Staff @rosano last edited by

                      @rosano said in Disable Cloudron user login:

                      It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                      Do you mean both are Cloudron installations? In that case, If I am following correctly, the old one had access control enabled but the new one doesn't. Correct?

                      If the above is correct, go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                      rosano 1 Reply Last reply Reply Quote 0
                      • rosano
                        rosano @girish last edited by

                        @girish said in Disable Cloudron user login:

                        go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                        Bingo! That was what I needed. It was actually a symlink and not possible to delete via the file manager, but I was able to rm yourls-ldap-plugin via the shell and then restart the app. Works as desired now, thank you 🙂

                        girish 1 Reply Last reply Reply Quote 1
                        • girish
                          girish Staff @rosano last edited by

                          @rosano Oh that looks like a bug. @nebulon can you take a look why symlinks cannot be deleted in file manager? (probably check both dangling and good symlinks).

                          nebulon 1 Reply Last reply Reply Quote 1
                          • nebulon
                            nebulon Staff @girish last edited by

                            @girish indeed symlink deletion was broken and is fixed now for the next release.

                            1 Reply Last reply Reply Quote 2
                            • First post
                              Last post
                            Powered by NodeBB