Cannot disable admin account

Discussion on setting up QNAP NAS products.
Locked
FieldNas
New here
Posts: 7
Joined: Thu Aug 11, 2016 6:06 pm

Cannot disable admin account

Post by FieldNas »

Hi,
In order to disable the admin account (TS-453A/ QTS 4.2.1) I followed the steps explained on https://www.qnap.com/en-us/tutorial/con ... ne&cid=137.
However, when I login using the new account it is not possible to select the original Admin account and deselect it.
How can I solve this issue?
Thanks in advance.
User avatar
Spider99
Experience counts
Posts: 1951
Joined: Fri Oct 21, 2011 11:14 pm
Location: UK

Re: Cannot disable admin account

Post by Spider99 »

this is a bad idea as the admin account is fundamental to the way the nas works and lots of issues usually occur when its disabled
Tim

TS-853A(16GB): - 4.3.4.0483 - Static volume - Raid5 - 8 x 4TB HGST Deskstar NAS
Windows Server + StableBit Drivepool and Scanner ~115 TB Backup Server
TS-412 & TS-459 Pro II: Retired
Clients: 3 x Windows 10 Pro(64bit)
gggplaya
Been there, done that
Posts: 747
Joined: Wed Apr 20, 2016 10:05 pm

Re: Cannot disable admin account

Post by gggplaya »

Just give your admin account a rediculously long and stupid password. Copy it somewhere and save it in case you ever need it for some reason. But never use it again unless you have to.
FieldNas
New here
Posts: 7
Joined: Thu Aug 11, 2016 6:06 pm

Re: Cannot disable admin account

Post by FieldNas »

Thank you very much for the quick responses and recommendations. Really appreciated!
I am a bit confused, because it is qnap itself that recommends to disable the admin account in order to enhance security (see: https://www.qnap.com/en/tutorial/con_sh ... ne&cid=137 )
Nevertheless, it is not possible to disable the admin account, which should have been given the instructions of qnap. Is this a bug in the software?
User avatar
Spider99
Experience counts
Posts: 1951
Joined: Fri Oct 21, 2011 11:14 pm
Location: UK

Re: Cannot disable admin account

Post by Spider99 »

Yes it is a bit odd that qnap did release that tutorial - but they also did not explain the consequences of disabling the admin account - sigh

for example - if you do disable admin you then cant ssh into the nas to do any admin as ssh only works with the admin account

as suggested above give the admin account a long complicated password if you are going to expose it to the internet - if its only going to be used within your lan then minimal risk to having an admin account
Tim

TS-853A(16GB): - 4.3.4.0483 - Static volume - Raid5 - 8 x 4TB HGST Deskstar NAS
Windows Server + StableBit Drivepool and Scanner ~115 TB Backup Server
TS-412 & TS-459 Pro II: Retired
Clients: 3 x Windows 10 Pro(64bit)
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Cannot disable admin account

Post by schumaku »

FieldNas wrote:However, when I login using the new account it is not possible to select the original Admin account and deselect it.
Lack of understanding of the QTS UI.... While the admin account can't be selected (as it would be required to [Delete] it!) there is an action item for "Edit Account Profile" ...
Edit Account Profile - not select.PNG
...form there you can easily reach the Edit Account Profile shown in the tutorial.
Spider99 wrote:this is a bad idea as the admin account is fundamental to the way the nas works and lots of issues usually occur when its disabled
For the supported NAS operations, and most others, the admin account can be disabled. The point is that it can't be removed, the admin entry must remain in passwd.

Not blaming the other community members here ... most don't' disable the admin account, because they want to retain the SSH (and probably last resort telnet) access. :mrgreen:
You do not have the required permissions to view the files attached to this post.
FieldNas
New here
Posts: 7
Joined: Thu Aug 11, 2016 6:06 pm

Re: Cannot disable admin account

Post by FieldNas »

Got it! I managed to "disable" it through the "Edit account profile". Thanks for the support!
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Cannot disable admin account

Post by schumaku »

FieldNas wrote:Got it! I managed to "disable" it through the "Edit account profile". Thanks for the support!
Glad to help. Can't resist to repeat the word of the wise:

Image

You had been warned - no more ssh (and telnet) access!
FieldNas
New here
Posts: 7
Joined: Thu Aug 11, 2016 6:06 pm

Re: Cannot disable admin account

Post by FieldNas »

Thanks again for the wise words :-)
brandon.arnold
Starting out
Posts: 24
Joined: Tue Apr 18, 2017 9:48 am

Re: Cannot disable admin account

Post by brandon.arnold »

schumaku wrote:
FieldNas wrote:Got it! I managed to "disable" it through the "Edit account profile". Thanks for the support!
Glad to help. Can't resist to repeat the word of the wise:

Image

You had been warned - no more ssh (and telnet) access!
This is no longer true on my QTS 4.3 instance. I can SSH into my NAS with my alternate account with "admin" disabled. This does not solve everything, however.

Many apps have an assumption the "admin" account is still being used within the GUI, even after it is disabled. This is even true of the File Station GUI after Advanced Folder Permissions are turned on in the Shared Folders Control Panel, which references the "admin" account in one of the checkboxes for setting folder permissions.

Also, Linux Station requires the "admin" account to be enabled, and copies it to the linux environment when it is booted for the first time. Without this, you cannot log into the Linux Station instance. This results in a /nas_share folder for this "admin" user which has full access to all directories/shared folders. Also, all other accounts created in QTS will not exist on Linux Station. Any accounts subsequently recreated on the Linux Station OS will need to authenticate with their respective NFS/CIFS accounts to have the appropriate NAS directory permissions; those would be mounted through CIFS and completely separate from the /nas_share folder.
User avatar
Don
Guru
Posts: 12289
Joined: Thu Jan 03, 2008 4:56 am
Location: Long Island, New York

Re: Cannot disable admin account

Post by Don »

Topic locked.
Use the forum search feature before posting.

Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.

NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NMVe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
Locked

Return to “Turbo Station Installation & Setup”