Open Beta v7.6 | Please help testing and hardening the upcoming release

All infos can be found on GitHub: https://github.com/MichaIng/DietPi/issues/4728

Many thanks to all testers :sunglasses:!

There is a problem with FileBrowser user dietpi doesn’t have ADMIN and SHARE permissions.
I fixed it.

dietpi-services stop filebrowser 
/opt/filebrowser/filebrowser users update dietpi --perm.admin --perm.share -d /mnt/dietpi_userdata/filebrowser/filebrowser.db

Yap we will have a look. Thx

DietPi v7.6 has just been released. Many thanks to all testers! :heart:

Any idea on how to change the path from /mnt to /?

you can try following

cd /mnt/dietpi_userdata/filebrowser
dietpi-services stop filebrowser
/opt/filebrowser/filebrowser config set -r /
dietpi-services start filebrowser

That did it! As always, thank you for the help!

So my next question would be how to set permissions for the ‘dietpi’ user to access /root?

This is a bad idea. Leave /root as it is. If you need to store something as dietpi user, use /home/dietpi

yes, what is the reason for trying to get web browser access to /root. Due to security we decided for a different user without root-user privileges. :wink:

at the end a lot of thinks are possible even to switch file browser user.

Indeed /root is the “root” users home directory, and it breaks the basic privacy and security ideas to grant any user access to another users home directory, most importantly the root users home directory. Home directories may contain secret private keys, like for SSH and other sensitive stuff, that must not be accessed by anyone else.

Since File Browser runs as “filebrowser” service user, this also applies to /home/dietpi, although much less critical.

For sharing files across users, I recommend a directory outside of any users home. If shared write permissions are required, use a shared group, like it is done with /mnt/dietpi_userdata and the “dietpi” group.

I respectfully disagree as you are unaware of my intentions. :slight_smile: Since I live alone and am very privacy oriented in my endeavours (multiple VPN routing policies, self-hosted recursive DNS server, firewalled at the router, expanded firewall setups on all of my PC’s, etc.), I am not concerned with unauthorized access. Additionally, I have root access setup (Samba or FTP) with most of my Pi’s so I can access files easier (although the Pi’s running backend security do not have root access since they have access outside of my LAN).

Furthermore, this particular Pi that I am working on is my Development/Testing Pi and is not “mission-critical” to anything. I am one of those people that likes to explore new software to get familiar with it as well as to expand my intermediate knowledge of coding (in otherwords, I like to tinker with things).

My reason is simply to test different things as mentioned above. And as you said, there are many possiblities and I wanted to explore! :wink:

Yes, I understand that it breaks the very essence of security. After reviewing the Filebrowser website, I tried running a permissions change command but was unable to - basically the reason why I asked is because I am failing to understand Filebrower’s command line syntax/structure, and with examples I can better understand it. For example, the first question I asked about accessing files outside of /mnt/dietpi_userdata helped me understand their syntax more.

Either way, I appreciate the help - no need to provide me with an answer to this question since I really don’t need access to it!

Apart from security aspect, incorrect file and folder permissions can render the system unusable. Changing permissions on linux is something trivial. Therefore if you don’t know that, you are classified as a novice user. And linux doesn’t protect you from breaking your own system the way windows do. Take all these into consideration and decide what is best for you. It is our duty to warn you.

just to avoid a misunderstanding. File system access on OS level is not defined somewhere in filebrowser application or can be changed using filebrowser command line tool. This we defined on the service file we created. There we set OS user filebrowser as the one who is running the service. And this OS user is used to perform all activities on the OS/file system. As this user has no root permission, he is not able to access directories or files that or owned by user root. As well this user has nothing to do with the user you use to login to filebrowser web side. filebrowser has an own user management allowing to manage web side access only.

Coming back to the original question: you would need to adjust the service to gain root access.

There is no need to “classify” me as it seems that your understanding of my question is not valid. I will not discuss this further as you have not provided any assistance expect to make assumptions. What you have stated is something that I already understand - please review my responses.

Thank you - and yes, I understand. I have already configured root access via Filebrowser as of early this morning. I appreciate your explanation, and I understand the reasoning behind how Diet Pi has configured permissions for this software.

Please consider my inquiry, closed.