Can we have multi user support for the IPFire WebUI?
I see several benefits:
- “one user = one account” aka. “no account sharing” policy - a good practice if there are several admins working on the same system. Thinking about accountability and employees leaving the company etc.
- delegation of admin tasks if combined with a permission structure for the individual parts of the WebUI. A very simple dual permission structure like READ ONLY and FULL ACCESS would do.
I know there is this topic from 2011 (https://forum.ipfire.org/viewtopic.php?t=4929) where a similar request was turned down. Maybe now, almost 9 years later, this can be given another thought?
Greetings from Vienna
I think this is a great idea. I actually had the same thought, but for a different reason. It would be nice to give another person access to only a certain subset of the UI. For example, a departmental manager wants to watch web access of their employees, so they get access to Proxy Logs and Proxy Reports only. Or manager wants to check if the employee who calls in to work from home actually logs into the VPN. They would get access to Roadwarrior Statistics. Then you’re not giving the keys to the kingdom to a non IT/non admin person. They only get that specific access you assign them.
I can’t understand why there are people out there who want to have a read only mode. If I don’t want somebody to make any changes I also don’t want him to see the settings because this may be already a security risk.
READ ONLY is a perfectly valid permission set for a handful of use cases like
- Log checking
- Debugging networking problems (e.g. in support)
- Downloading configuration backups or vpn configs
Right now we have no plans to add this. Although I understand the desire for this, the web UI is not easily extensible in this way.
Time to change this path?
Maybe using some thirdy party tool…
What about multi user support without extra permission levels? Would that be easier? And then go from there in small steps?
In IPFire 3, we are doing a complete rewrite of the web UI, so I am not sure how much it is worth putting too much work into it.
But of course it is not very difficult to add more users to the htpasswd file. They will all have the same permissions.