diff --git a/roles/iiab-admin/README.rst b/roles/iiab-admin/README.rst index cd077a549..741a3e1cb 100644 --- a/roles/iiab-admin/README.rst +++ b/roles/iiab-admin/README.rst @@ -13,17 +13,25 @@ iiab-admin README ================= -This role is home to a number of administrative playbooks. Those implemented are: +This role is home to a number of administrative (Ansible) playbooks: Add Administrative User ----------------------- -* Add the iiab-admin user and password, if this has not already been done for you by IIAB's 1-line installer +* Adds the Linux user that will allow you access to IIAB's Admin Console (http://box.lan/admin) if this has not already been done for you by IIAB's 1-line installer (http://download.iiab.io). +* By default this is ``iiab-admin`` with password ``g0adm1n`` + * *Do change the default password if you haven't yet, by running:* **sudo passwd iiab-admin** + * After IIAB is installed, you can also change the password by logging into Admin Console (http://box.lan/admin) > Utilities > Change Password + * If you prefer using a pre-existing user like ``pi`` or ``ubuntu`` etc, consider customizing variables ``iiab_admin_user_install``, ``iiab_admin_user`` and ``iiab_admin_user_group`` in your `/etc/iiab/local_vars.yml `_ (please do this prior to installing IIAB !) +* Please read more about what escalated (root) actions are authorized when you log into IIAB's Admin Console, and how this works: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md + +Desiderata, for the historical record: + +* Auto-checking for the default password is implemented in `/etc/profile.d `_ (and `/etc/xdg/lxsession/LXDE-pi `_ when it exists). * |ss| N.B. to create password hash use python -c 'import crypt; print crypt.crypt("", "$6$<salt>")' |se| |nbsp| (not recommended as of October 2020) -* |ss| Make a sudoer |se| |nbsp| (likely going away in October 2020, group 'iiab-admin' will be recommended instead of group 'sudo') -* |ss| Add /root/.ssh and dummy authorized_keys file as placeholder |se| |nbsp| (moved to playbook roles/sshd) -* |ss| Force password for sudoers |se| -* Please read more about the 'iiab-admin' Linux user and group, which allow you to log in to IIAB's Admin Console: https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md +* |ss| Make a sudoer |se| |nbsp| (likely going away in October 2020, as group 'iiab-admin' should be recommended instead of group 'sudo') +* |ss| Add /root/.ssh and dummy authorized_keys file as placeholder |se| |nbsp| (moved to `roles/openvpn/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/openvpn/tasks/install.yml>`_) +* |ss| Force password for sudoers |se| |nbsp| (sudo flag ``NOPASSWORD:`` and the ``wheel`` group will no longer being used as of October 2020) Add Packages for Remote Access ------------------------------ @@ -34,4 +42,4 @@ Add Packages for Remote Access Admin Console ------------- -Has been moved to separate git repo: https://github.com/iiab/iiab-admin-console +Has been moved to this separate git repo: https://github.com/iiab/iiab-admin-console