FastX adds the ability to fine tune permissions for user groups so in order to limit the actions a user is allowed to perform. Permissions automatically disable or hide extra actions further removing abilities from the end user. This gives the admin extra control in creating a product that fits the needs of the company.
Getting Started With Permissions
The permission levels are as follows
A logged out user has not logged in yet. There is little the user can do aside from log in.
A user who has been explicitly disabled.
A limited user can perform a subset of user level actions as defined by the administrator. Actions include starting and interacting with sessions, creating bookmarks, viewing the users own user profile etc.
A full user can perform ALL the user level actions available to him.
A manager can perform a limited subset of manager actions. Manager actions include interacting with sessions that the manager does not own, viewing server information, viewing user info etc.
Admins have full user permissions as well as full manager permissions. Admins also have special access to the System section of the FastX Web Server which allows them to configure FastX.
A superadmin is the user who owns the FastX web server process. This user always has admin permissions whether he is in the admin group or not. In a standard setup, the superadmin is a user named fastx. This user does not have a login shell by default.
Permissions are defined by the Linux User Groups of the user. By default special permissions (ie, manager and limited user) are turned off.
In order to enable permissions
- Click on the System Menu
- Select Users > Permissions
- Check Enable Manager Permissions to enable managers
- Save the settings
- Check Enable User Permissions to enable limited users
Differences From Earlier Versions
- In previous versions of FastX Limited Users and Managers did not exist. A Logged In user was either a Full User, an Admin, or the Superadmin.
- For backwards compatibility, the default installation disables fine tuned permissions making it equivalent to 3.0 and earlier versions
- Admins are now defined as users or linux groups.
Limited User Permissions
Once you have defined your user groups, the next step is to restrict permissions for any user who is not an admin or who is not in a Full User Group. Click on the Limited User Permissions tab and uncheck any permission you want to disallow. Then Save.
If you have enabled manager permissions, click on the Manager Permissions tab and select any permissions you want the manager to have. Note, these are permissions that managers can do on other users. Specifically, the Connect Session Action will allow a manager to log in to a running session of a different user. For security purposes, it is often a good idea to disable this action. (Note, admins always have full user and manager permissions).
Permissions provide new ways to separate your users into different user levels. Different levels of access allow admins to follow the Principle of Least Privilege, giving different users the minimum level of power needed to complete the task.