martybugs.net SmoothwalL Express Info
 navigation
. MartyBugs home
. Smoothwall home
 
 Smoothwall info
. my box
. connect speed display
. red IP address display
. bytes in/out
. VNC over SSH
. time sync
. ad zapping
. ip accounting on 0.9.9 / 1.0
. ip accounting on 2.0
. status LEDs
. adding web users
. iptables config
. internal PPTP VPN
. RRDTool traffic graphs
. password reset
. proxy log analysis
. RRDTool memory graphs
. Squid config
. adding shell users
. Smoothwall links
 
 modem config
. Billion 7402L adsl router
. DSL-300G adsl modem
. DSL-300+ adsl modem
 
 site search
Custom Search
 
Adding Web Users

[This modification has been verified to work with Smoothwall GPL 1.0 and Smoothwall Express 2.0.]

This page will show you how to create additional user accounts for logging into Smoothwall's web interface, and how to grant those users access to specific pages in the web interface.

Background:
Smoothwall has two user accounts which can be used for logging into the console or via SSH, namely root and setup.
It has two user accounts which can be used for logging into the web interface, namely admin and dial.

The passwords for the admin and dial users can be set through the web interface, and the passwords for root, setup and admin can also be set via the setup application.

The user accounts which you can use for logging into the web interface are not "real" user accounts - they are .htaccess user accounts (refer to the URL listed in the References section at the bottom of the page for more info).

However, you may have a need for more than one user to view various pages of Smoothwall's web interface (ie, dialing/disconnecting, viewing logs, etc), and this page shows you how to do that.

Requirements:
You'll need:
  • A Smoothwall GPL 1.0 or Express 2.0 installation (obviously...).
  • A way of getting a command-line prompt on your Smoothwall box (either by logging directly onto your Smoothwall box, using a SSH client such as PuTTY or SSH Secure Shell, or via the Smoothwall web interface).
Creating an Account:
Ensure you have SSH enabled on your Smoothwall (it's configured on the "remote access" page. This is required logging into your Smoothwall with SSH.

Login to your Smoothwall box via SSH as root.

To create a new user account for accessing the web interface, from a command prompt on your Smoothwall box, run the following: 

htpasswd /var/smoothwall/auth/users username

replacing username with a new username.
You'll be prompted twice to specify a password for this user.

Granting Access:
You've now created the user account, but by default, this user account does not have access to of the pages in the Smoothwall web interface.
To grant this user access, you'll need to edit these files: 

/home/httpd/cgi-bin/.htaccess
/home/httpd/cgi-bin/logs.cgi/.htaccess
/home/httpd/cgi-bin/vpn.cgi/.htaccess

and add the username to the valid user list for any pages which that user should be allowed to access.

For example, if I wanted a user called mpot to be able to access the shutdown page, I'd add the username as follows: 

<Files shutdown.cgi>
require user admin mpot
</Files>

Make similar changes to the other .htaccess files, and you can now log in to the web interface using any account you choose.

Changing Passwords:
To change the password for any of your new user accounts, just run 

htpasswd /var/smoothwall/auth/users username

from a command prompt on your Smoothwall box, and enter a new password.

References:
Apache Authentication, Authorization, and Access Control



last updated 3 Nov 2004
  
.