On 11/12/2017 07:47 AM, Pierre L. wrote: > Hey! > > There are some months ago I have tried Freedombox. > Today it's a new test with a Debian 9 64bits Stretch in Virtualbox + > install Freedombox by command lines as described on the documentation. > (it's easy! thx for your work!) > > I see this previous bug (#733 github) solved , but on my fresh install, > a new user without "admin" or "wiki" group is still able to install some > apps, successfully installed Tor and Roundcube for my tests... > > May have I misunderstood something ? > A normal user has admin level by default ? > > Thx for your light !
Hi Pierre, Debian 9 (Stretch) has plinth-0.13.1. In this version, the only difference between "admin" and other users is that "admin" users can access the box through SSH or console login. But every user can change configuration through Plinth. In other words, you should not create Plinth accounts for untrusted users. This was changed in plinth 0.14 and above (targeted for Debian 10 (Buster)). Now, only the "admin" users can change configuration. I suggested in github issue #281 to add a description that this group is for the owner(s) of the FreedomBox. -- James
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
