Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. YOURLS
  3. Disable Cloudron user login

Disable Cloudron user login

Scheduled Pinned Locked Moved Solved YOURLS
11 Posts 4 Posters 1.2k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rosanoR Offline
      rosanoR Offline
      rosano
      wrote on last edited by
      #1

      I was trying to avoid using the Cloudron user to sign into YOURLS so I set the Access Control to an empty group with no users. After restarting the app it seems that it still signs in with the Cloudron admin user. How can I disable this?

      I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

      jdaviescoatesJ girishG 2 Replies Last reply
      0
      • rosanoR rosano

        @jdaviescoates The "App Passwords" is a pretty amazing feature, didn't know about that. I tried it and it works well, but it's still possible to login with the main account. I guess I worry that if someone can brute force guess the main account via one app, then it compromises all the apps…

        jdaviescoatesJ Offline
        jdaviescoatesJ Offline
        jdaviescoates
        wrote on last edited by
        #4

        @rosano it sounds like perhaps you should re-install YOURLS but using the "Leave user management to the app" option.

        Leave_user_management_to_the_app.png

        I think that would mean your Cloudron users (including Admin) wouldn't be able to login with their Cloudron credentials.

        Other options would be

        1. ensure you've got 2FA turned for your Cloudron Admin account (so it can't be brute forced), and/ or
        2. make your Cloudron Admin password insanely long and secure (and use the Vaultwarden app to remember it).

        I use Cloudron with Gandi & Hetzner

        rosanoR 1 Reply Last reply
        2
        • rosanoR rosano

          I was trying to avoid using the Cloudron user to sign into YOURLS so I set the Access Control to an empty group with no users. After restarting the app it seems that it still signs in with the Cloudron admin user. How can I disable this?

          I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

          jdaviescoatesJ Offline
          jdaviescoatesJ Offline
          jdaviescoates
          wrote on last edited by
          #2

          @rosano Cloudron Admin users can always login to all app (if they have LDAP integration enabled).

          Perhaps just make another user with less permissions for accessing YOURLS if you're concerned?

          See also App Passwords in the docs:

          https://docs.cloudron.io/profile/#app-passwords

          That may be exactly what you are looking for 🙂

          I use Cloudron with Gandi & Hetzner

          rosanoR 1 Reply Last reply
          1
          • jdaviescoatesJ jdaviescoates

            @rosano Cloudron Admin users can always login to all app (if they have LDAP integration enabled).

            Perhaps just make another user with less permissions for accessing YOURLS if you're concerned?

            See also App Passwords in the docs:

            https://docs.cloudron.io/profile/#app-passwords

            That may be exactly what you are looking for 🙂

            rosanoR Offline
            rosanoR Offline
            rosano
            wrote on last edited by rosano
            #3

            @jdaviescoates The "App Passwords" is a pretty amazing feature, didn't know about that. I tried it and it works well, but it's still possible to login with the main account. I guess I worry that if someone can brute force guess the main account via one app, then it compromises all the apps…

            jdaviescoatesJ 1 Reply Last reply
            2
            • rosanoR rosano

              @jdaviescoates The "App Passwords" is a pretty amazing feature, didn't know about that. I tried it and it works well, but it's still possible to login with the main account. I guess I worry that if someone can brute force guess the main account via one app, then it compromises all the apps…

              jdaviescoatesJ Offline
              jdaviescoatesJ Offline
              jdaviescoates
              wrote on last edited by
              #4

              @rosano it sounds like perhaps you should re-install YOURLS but using the "Leave user management to the app" option.

              Leave_user_management_to_the_app.png

              I think that would mean your Cloudron users (including Admin) wouldn't be able to login with their Cloudron credentials.

              Other options would be

              1. ensure you've got 2FA turned for your Cloudron Admin account (so it can't be brute forced), and/ or
              2. make your Cloudron Admin password insanely long and secure (and use the Vaultwarden app to remember it).

              I use Cloudron with Gandi & Hetzner

              rosanoR 1 Reply Last reply
              2
              • jdaviescoatesJ jdaviescoates

                @rosano it sounds like perhaps you should re-install YOURLS but using the "Leave user management to the app" option.

                Leave_user_management_to_the_app.png

                I think that would mean your Cloudron users (including Admin) wouldn't be able to login with their Cloudron credentials.

                Other options would be

                1. ensure you've got 2FA turned for your Cloudron Admin account (so it can't be brute forced), and/ or
                2. make your Cloudron Admin password insanely long and secure (and use the Vaultwarden app to remember it).
                rosanoR Offline
                rosanoR Offline
                rosano
                wrote on last edited by
                #5

                @jdaviescoates Makes sense, I forgot about that option.

                It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                Invalid configuration for YOURLS LDAP plugin. Check PHP error log.

                Maybe it's copying the Access Control settings for the app?

                jdaviescoatesJ girishG 2 Replies Last reply
                1
                • rosanoR rosano

                  @jdaviescoates Makes sense, I forgot about that option.

                  It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                  Invalid configuration for YOURLS LDAP plugin. Check PHP error log.

                  Maybe it's copying the Access Control settings for the app?

                  jdaviescoatesJ Offline
                  jdaviescoatesJ Offline
                  jdaviescoates
                  wrote on last edited by
                  #6

                  @rosano sounds like it. I'm not sure on the best approach to do this but perhaps @Staff could help? 🙂

                  I use Cloudron with Gandi & Hetzner

                  1 Reply Last reply
                  0
                  • rosanoR rosano

                    I was trying to avoid using the Cloudron user to sign into YOURLS so I set the Access Control to an empty group with no users. After restarting the app it seems that it still signs in with the Cloudron admin user. How can I disable this?

                    I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

                    girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #7

                    @rosano said in Disable Cloudron user login:

                    I worry that by using the Cloudron password for each app, it might become a security issue if any one app has low security. Is that something I should be concerned about?

                    What we do to mitigate this is to enable 2FA inside each app wherever applicable. Cloudron dashboard also has 2FA, of course.

                    1 Reply Last reply
                    0
                    • rosanoR rosano

                      @jdaviescoates Makes sense, I forgot about that option.

                      It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                      Invalid configuration for YOURLS LDAP plugin. Check PHP error log.

                      Maybe it's copying the Access Control settings for the app?

                      girishG Offline
                      girishG Offline
                      girish
                      Staff
                      wrote on last edited by
                      #8

                      @rosano said in Disable Cloudron user login:

                      It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                      Do you mean both are Cloudron installations? In that case, If I am following correctly, the old one had access control enabled but the new one doesn't. Correct?

                      If the above is correct, go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                      rosanoR 1 Reply Last reply
                      0
                      • girishG girish

                        @rosano said in Disable Cloudron user login:

                        It seems to allow me to login only via a specified account which is great, but if I try to move my data from the old installation via Cloudron backup, I get this error:

                        Do you mean both are Cloudron installations? In that case, If I am following correctly, the old one had access control enabled but the new one doesn't. Correct?

                        If the above is correct, go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                        rosanoR Offline
                        rosanoR Offline
                        rosano
                        wrote on last edited by
                        #9

                        @girish said in Disable Cloudron user login:

                        go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                        Bingo! That was what I needed. It was actually a symlink and not possible to delete via the file manager, but I was able to rm yourls-ldap-plugin via the shell and then restart the app. Works as desired now, thank you 🙂

                        girishG 1 Reply Last reply
                        1
                        • rosanoR rosano

                          @girish said in Disable Cloudron user login:

                          go to the filemanager of the new instance and delete the /app/data/user/plugin/yourls-ldap-plugin and see if that helps.

                          Bingo! That was what I needed. It was actually a symlink and not possible to delete via the file manager, but I was able to rm yourls-ldap-plugin via the shell and then restart the app. Works as desired now, thank you 🙂

                          girishG Offline
                          girishG Offline
                          girish
                          Staff
                          wrote on last edited by
                          #10

                          @rosano Oh that looks like a bug. @nebulon can you take a look why symlinks cannot be deleted in file manager? (probably check both dangling and good symlinks).

                          nebulonN 1 Reply Last reply
                          1
                          • girishG girish

                            @rosano Oh that looks like a bug. @nebulon can you take a look why symlinks cannot be deleted in file manager? (probably check both dangling and good symlinks).

                            nebulonN Offline
                            nebulonN Offline
                            nebulon
                            Staff
                            wrote on last edited by
                            #11

                            @girish indeed symlink deletion was broken and is fixed now for the next release.

                            1 Reply Last reply
                            2
                            Reply
                            • Reply as topic
                            Log in to reply
                            • Oldest to Newest
                            • Newest to Oldest
                            • Most Votes


                              • Login

                              • Don't have an account? Register

                              • Login or register to search.
                              • First post
                                Last post
                              0
                              • Categories
                              • Recent
                              • Tags
                              • Popular
                              • Bookmarks
                              • Search