KBEC-00030 - Resetting the admin user’s password - even if the current password is not known

Article ID:360032832452
2 minute readKnowledge base

Description

You might want to reset the admin password for a number of reasons:

  • After installing ElectricCommander, you want to lock-down the system. Changing the admin password is the first task to accomplish system lock-down.

  • The admin user password may be lost.

  • An employee who knows the admin password has left the company, and it is a standard security policy to change all admin passwords for all accessible systems.

Solution

Three scenarios with a different solution for each:

The current admin password is known

  1. Log in as admin

  2. Go to the Administration tab > Users subtab

  3. Edit the admin user

  4. Enter the current and new passwords

A non-admin user has modify privileges on the admin user object

  1. Log in as that user

  2. Go to the Administration tab > Users subtab

  3. Edit the admin user

  4. Enter the logged-in user’s password

  5. Enter the new admin password

The ACL inheritance hierarchy for users is Server -> Directory -> User. Typically, one or more users/groups have the modify privilege on the Server, so those users/groups can modify the admin user.

No user has modify privileges on the admin user

  1. Shut down the ElectricCommander server

  2. Log into the database directly and delete the admin user
    For example, in MySQL (for pre-v6.0 installs):

     mysql -D eflow -u root -pcommander -e "delete from ec_user where name = 'admin'"

    For the built-in MariaDB database (v8.3 or newer) use:

/opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_user where name = 'admin'"
Foreign Key Constraint Possible Error output

  1. You may encounter an error deleting admin:

     ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`eflow`.`ec_user_persona`, CONSTRAINT `fk_persona_user` FOREIGN KEY (`user_id`) REFERENCES `ec_user` (`id`))

  2. If you receive this error the remedy is to delete the constraint keys found in ec_user_personas table:

     /opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_user_persona where user_id in (select id from ec_user where name='admin');"

  3. You may receive another constraint error when trying admin:

     ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`eflow`.`ec_event_subscription`, CONSTRAINT `fk_event_subscription_user` FOREIGN KEY (`user_id`) REFERENCES `ec_user` (`id`))

  4. If you receive the foreign key error for table ec_event_subscription, delete the constraint violating rows in ec_event_subscription:

     /opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_event_subscription where user_id in (select id from ec_user where name='admin');"

Once all Foreign Key constraints are resolved and run the delete admin user command again, then:

  1. Restart the ElectricCommander server. The admin user is recreated with the default password 'changeme'.