Replies: 2 comments 1 reply
-
|
The more usual way to do this is to put all user accounts who should be allowed to access/admin that particular application into some If you have a custom cockpit page, that could certainly run the |
Beta Was this translation helpful? Give feedback.
-
|
Hi Martin, thanks for your answer! I want to use the podman and systemd-services module in cockpit as this app-user, but without logging in as this user (because SSH has to be disabled). Do you think that's possible to archive somehow? Levi |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, no, that's not possible. |
Beta Was this translation helpful? Give feedback.
-
Let me explain.
I have a server with some applications running under the specific user "app-user". And there are a couple of admins who should be able to administrate these applications - so they should be able to login to "app-user". But here comes the challenge: I (root) want to have full control on when which admin gets access or not. So here is what i did:
I created an own user account for each admin and put them all in the group "sudo-app-user". Then I disabled SSH Login for "app-user" and added the following rule in the sudoers file:
In this way every admin account in the group "sudo-app-user" has access to app-user via
sudo -iu app-userbut cannot modify this access for themselves or other admins (because SSH is deactivated).But:
This concept does unfortunately not work with cockpit. On the command line it's perfectly fine, but I haven't found a solution yet, how an admin user can login into cockpit and switch to "app-user" then (via sudo).
The "administrative access" feature works in a similar way, so I guess it should be possible to get my concept working with cockpit.
Has anyone a idea what I could do?
Beta Was this translation helpful? Give feedback.
All reactions