I want to allow certain trusted users the ability to take down my lemmy instance or reboot it or x, y, z actions in case things go wrong or there is a security incident.

Ideally I would want to have some sort of admin interface that’s secure and tested and allow these users to have some sort of login and from there have the ability to execute certain actions that could correspond to a “break glass in case of emergency” scenario.

I’ve been pointed at https://www.portainer.io/ but they seem to have a steep price for the limited use-case that I would be giving it.

I know about some admin interfaces like webmin, but I don’t know which one allow you to create very restricted users or just give users the ability to execute some limited pre-defined commands.

Thank you <3

    • Wander@yiffit.netOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Thank you! I’ll look into it!

      Edit: actually that sound exactly like what I had in mind!!

  • oranki@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I’d go the SSH + sudo way.

    Sudo can be quite finely tuned to only allow specific commands. If you want to lock the SSH session further, look into rbash.

    • bignavy@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This was my first thought.

      I do this for a living and it’s literally built into Linux.

      Set their permissions carefully, ensure that the permission set does what you want (and not a bunch of stuff you don’t want), and keep on keeping on.

  • ScaredDuck@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Cockpit is quite mature and sponsored by Red Hat. Your users can log in with their normal account on the system which you can lockdown however you want.

    • Wander@yiffit.netOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Possibly, but it would have to be so severely locked down that it makes more sense to have a web interface with a few buttons that do some very basic actions, including making my phone ring or stuff like that.

      • perviouslyiner@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        That seems almost exactly what the sudoers file is meant for.

        If several actions have to happen at once (call the phone first), or need parameters, or need a kill switch, that is what a script with the SETUID bit does.

  • marsara9@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Slightly off topic, but are there not security concerns about opening up a portainer instance to the internet? I run portainer for all of my intranet hosted containers but I have reservations about running either the agent or portainer itself on something external to my lan. It seems like an easy attack vector but maybe I’m just overly worried?

    • Voroxpete@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Probably better to provide access to Portainer via a VPN if that’s the route they want to go (Tailscale would be perfect for this scenario).

      • marsara9@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Ya, I’ve got a few public services out there and I would love for a better way to manage them. But the fewer ports I open the better. I think there’s also portainer edge agent that’s more secure for prod environments, but I’ve yet to look into it much.

    • sneakyninjapants@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I have reservations about running either the agent or portainer itself on something external to my lan.

      I don’t feel like it’s safe enough personally either, so I just have portainer edge-agent nodes connected to the primary on my intranet through through vpn tunnels. I really, really would prefer not to ever open ports on my local firewall, but being able to monitor and control remote docker hosts is also pretty convenient, so my solution has been decent for me.