KBEC-00030 - Resetting the admin user's password - even if the current password is not known

Description

You might want to reset the admin password for a number of reasons:

  • After installing ElectricCommander, you want to lock-down the system. Changing the admin password is the first task to accomplish system lock-down.
  • The admin user password may be lost.
  • An employee who knows the admin password has left the company, and it is a standard security policy to change all admin passwords for all accessible systems.

Solution

Three scenarios with a different solution for each:

The current admin password is known

  1. Log in as admin
  2. Go to the Administration tab > Users subtab
  3. Edit the admin user
  4. Enter the current and new passwords

A non-admin user has modify privileges on the admin user object

  1. Log in as that user
  2. Go to the Administration tab > Users subtab
  3. Edit the admin user
  4. Enter the logged-in user’s password
  5. Enter the new admin password

The ACL inheritance hierarchy for users is Server -> Directory -> User. Typically, one or more users/groups have the modify privilege on the Server, so those users/groups can modify the admin user.

No user has modify privileges on the admin user

  1. Shut down the ElectricCommander server

  2. Log into the database directly and delete the admin user
    For example, in MySQL (for pre-v6.0 installs):

    mysql -D eflow -u root -pcommander -e "delete from ec_user where name = 'admin'"
    

    For the built-in MariaDB database (v8.3 or newer) use:

/opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_user where name = 'admin'"
Foreign Key Constraint Possible Error output
  1. You may encounter an error deleting admin:

    ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`eflow`.`ec_user_persona`, CONSTRAINT `fk_persona_user` FOREIGN KEY (`user_id`) REFERENCES `ec_user` (`id`))
    
  2. If you receive this error the remedy is to delete the constraint keys found in ec_user_personas table:

    /opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_user_persona where user_id in (select id from ec_user where name='admin');"
    
  3. You may receive another constraint error when trying admin:

    ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`eflow`.`ec_event_subscription`, CONSTRAINT `fk_event_subscription_user` FOREIGN KEY (`user_id`) REFERENCES `ec_user` (`id`))
    
  4. If you receive the foreign key error for table ec_event_subscription, delete the constraint violating rows in ec_event_subscription:

    /opt/electriccloud/electriccommander/mariadb/bin/mysql --socket=/opt/electriccloud/electriccommander/conf/mariadb/mariadb.sock -u root -pchangeme -D eflow -e "delete from ec_event_subscription where user_id in (select id from ec_user where name='admin');"
    

Once all Foreign Key constraints are resolved and run the delete admin user command again, then:

  1. Restart the ElectricCommander server. The admin user is recreated with the default password ‘changeme’.

Have more questions?

1 Comments

  • 0
    Avatar
    Shaohua Wen

    After deleted user and then re-connect the Flow instance, the flow server may stuck due to the id of the user has changed. For example, if in a Release pipeline, there are a approval gate, and in the gate, "admin" has been assigned, then when we try to open the Release pipeline after re-created the user, web UI will stuck. and you will see a lot of Db WARN messages in commander.log like:

    2020-12-16T04:12:39.191 | WARN | pool-001-001 | 9729 | | getReleases tx.cleanupAfterThrowing | LoadContexts | HHH000100: Fail-safe cleanup (collections) : org.hibernate.engine.loading.internal.CollectionLoadContext@241fea3<rs=HikariProxyResultSet@301144572 wrapping com.mysql.jdbc.JDBC42ResultSet@47abbd54>
    2020-12-16T04:12:39.191 | WARN | pool-001-001 | 9729 | | getReleases tx.cleanupAfterThrowing | CollectionLoadContext | HHH000160: On CollectionLoadContext#cleanup, localLoadingCollectionKeys contained [1] entries
    2020-12-16T04:12:39.192 | DEBUG | pool-001-001 | 9729 | | getReleases | TransactionRetryAspectImpl | Retryable ObjectNotFoundException: 'No row with the given identifier exists: [com.electriccloud.domain.UserEntityImpl#56a5a95c-6406-11ea-8608-0242c2f38ffa]'

    The solution is

    first, we should get the id of the original admin user using below sql (mysql):

    select LOWER(CONCAT_WS('-', SUBSTR(HEX(id), 1, 8), SUBSTR(HEX(id), 9, 4), SUBSTR(HEX(id), 13, 4), SUBSTR(HEX(id), 17, 4), SUBSTR(HEX(id), 21))) as user_id,name from ec_user where name='admin'

    and record the id, example: 56a5a95c-6406-11ea-8608-0242c2f38ffa, and convert it to hex string: 0x56a5a95c640611ea86080242c2f38ffa

    then :

    delete from ec_user where name = 'admin';

    and then re-connect flow to this DB instance, after the admin user has been re-created, run:

    update ec_user set id=0x56a5a95c640611ea86080242c2f38ffa where name='admin'

    Edited by Shaohua Wen
Please sign in to leave a comment.