Admin / Root / Groups / Rights confusion

Status
Not open for further replies.

kbarb

Dabbler
Joined
Feb 11, 2012
Messages
15

I'm just trying to figure out how all this works . . . pretty new at this . . . but looking around at the console. Four questions basically . . .

1. I read that the Admin user is a special user acct. that allows access to the GUI and root access if necessary, so I sort of expected it to be part of the Wheel group, but it appears not to be. Is it so unique that it's hidden? I was expecting to see it in the list of users at the CLI with . . .
Code:
cat /etc/passwd

2. So "Admin" is different than "Root", right - not an alias? Can anyone shed a bit more light on what & where the Admin user is?


3. With Groups, I expected to see some members of groups - like root would be a member of "wheel," but there are no members of groups listed with [cat group] except for the one user and group combination I made (at the bottom of the list below). Maybe I'm doing something wrong. I see with [cat passwd] that primary groups are listed for each user, but aren't they supposed to show up here?
Code:
[root@nas] /etc# cat group
wheel:*:0:  [no members here]
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
avahi:*:200:
messagebus:*:201:
Testgroup:*:1001:testuser


4. Are there rights associated with either built-in or added-on users & groups? If so, how would you view them? I see in the GUI that for a user you can check the box to "Disable Password Logins" for them, couple other things there, but is there anything else I should know about?

Thanks a lot.
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
Hi Kbarb,

Admin is an independent username exclusively for the GUI. I understand how this can be confusing, but it's pretty simple. The Admin account for the GUI is not a standard Unix account; it's stored in the database for FreeNAS. You can also create another user and call it Admin and it will create a standard account called Admin which will be completely unrelated. The GUI gives you the option to change the *GUI Admin* name to something else also.

With the groups you need to look at the /etc/passwd file too. If you look at the group ID for "wheel" in the list you posted you'll see it's zero/0. If you then look at the passwd file you'll see that the GID field for root is 0 also, so the default group for root is wheel. If a user is a member of a group other than their default group, then you should see them in the group file. Of course that doesn't explain the testuser you created, I'm a little rusty so maybe someone else can fill in that detail...

The users/groups don't have rights; there are ACLs (access control lists), but those are tied into the file system and are enabled/controlled differently.

Here's a link if you want to read about ACLs:

http://www.freebsd.org/doc/handbook/fs-acl.html
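
Added example (not part of the original thread, and not FreeNAS code): the point above about primary groups, worked through in shell. A group's effective membership is the users whose passwd GID field matches the group's GID plus the names listed in the group file's fourth field. The function names and the file contents are hypothetical, constructed samples.

```shell
#!/bin/sh
# Constructed sample files in FreeBSD /etc/passwd and /etc/group layout.
make_samples() {
    # $1 = directory to write the sample passwd and group files into
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
testuser:*:1001:1002:Test User:/mnt/tank/testuser:/bin/csh
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:
daemon:*:1:
Testgroup:*:1001:testuser
testuser:*:1002:
EOF
}

# Print every effective member of a group and how the membership arises.
# $1 = group name, $2 = passwd file, $3 = group file
# Returns non-zero if the group does not exist in the group file.
effective_members() {
    awk -F: -v g="$1" '
        # First file (group): remember the GID and the explicit member list.
        NR == FNR {
            if ($1 == g) { gid = $3; n = split($4, m, ","); found = 1 }
            next
        }
        # Second file (passwd): field 4 is the primary GID of each user.
        found && $4 == gid { print $1 " (primary)" }
        END {
            if (!found) exit 1
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] " (listed)"
        }
    ' "$3" "$2"
}

# Demo: root belongs to wheel only through its primary GID, so the wheel
# line in the group file has an empty member list.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for grp in wheel Testgroup; do
    echo "== $grp"
    effective_members "$grp" "$demo_dir/passwd" "$demo_dir/group"
done
rm -rf "$demo_dir"
```

On a live system, `id root` reports the same combined view of primary and supplementary groups for a single user.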
 

kbarb

Dabbler
Joined
Feb 11, 2012
Messages
15
Ok, thanks, that's kind of what I thought.
So the Admin user is not really an acct you can chase down - not that you'd really need to I guess because it's just for accessing the GUI and making changes there.
Indeed, I had made, before, another Admin user myself, then got to wondering about what's the difference, but now I see.

And as for the root having its GID field in passwd as "0" - yes, I saw that, but I thought it was supposed to show up as a member of the Group --> Wheel. In fact I thought all the built-in Users would show up in a group with [cat group], but as you write, they do show up at each line in etc/passwd. I'm not going to worry about it too much, I was just wondering.

The "testuser" was just a user I made at the GUI - and I put it in a Group "testgroup" that I also made, just to see how it would show up with [cat group] on the CLI.

Ok, reading that ACL link now - thanks.
 