search

immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0
354 stars 102 forks source link

[Information] Creating Super Admins #35

Closed gareth-johnstone closed 3 years ago

gareth-johnstone commented 3 years ago

I'll leave this up to the maintainer to decide if it should go into the readme, but it was certainly something we struggled to get working, how to create other super admins - we have the answers in-case someone comes looking for it

Creating other Super Admins

You will need to find the name of the docker container first docker ps

Then run the following

docker exec -it <name> bash
su - gvm
gvmd --create-user=MySecondSuperAdmin -v --role="Super Admin"

This will result in a message saying that the user has been created along with the new password - take note of this before proceeding.

If you have already create a normal admin and would like to become a super admin, do the following

docker exec -it <name> bash
su - gvm
gvmd --create-user=MyUser2 -v --role="Super Admin"
gvmd –-delete-user=MyUser --inheritor=MyUser2
gvmd --create-user=MyUser -v --role="Super Admin"
gvmd –-delete-user=MyUser2 --inheritor=MyUser

Ensuring you take note of the password for the 2nd create user!

immauss commented 3 years ago

Thanks.

I've never come across a need for a second SuperAdmin ( It's just me that uses its, so there aren't even any other accounts than my own.)

I'm not aware of anything you would need the SuperAdmin account for either. The only think I'm aware of is it is uses as the owner of the feeds, but what else?

I have created users in the past and granted them access to the bits those users needed with no issue through the GSA.

As for adding this specifically to the Docs ... I think it goes more into the how of GVM/Openvas than the container. Though I do think I should add a section on how to administer the container side better. Such as using "docker exec" to get there. So I'll add that, then use your input as an example. But I would like to add a use case for needing the additional SuperAdmin with it too.

Thanks, -Scott

gareth-johnstone commented 3 years ago

Thanks.

I've never come across a need for a second SuperAdmin ( It's just me that uses its, so there aren't even any other accounts than my own.)

I'm not aware of anything you would need the SuperAdmin account for either. The only think I'm aware of is it is uses as the owner of the feeds, but what else?

I have created users in the past and granted them access to the bits those users needed with no issue through the GSA.

As for adding this specifically to the Docs ... I think it goes more into the how of GVM/Openvas than the container. Though I do think I should add a section on how to administer the container side better. Such as using "docker exec" to get there. So I'll add that, then use your input as an example. But I would like to add a use case for needing the additional SuperAdmin with it too.

Thanks, -Scott

Our need for additional super admins is purely so we can see each-others scans / reports etc as a normal "admin" cant see things that other users have created, unless your a super admin :)

and also super admins cant only be created from the shell and cannot be done through the web interface (even though the option to do so is there (you get permission denied))

immauss commented 3 years ago

Finally added this to the docs.

Thanks!