Users

[herdofem 1]

I setup SSL with my domain to login to Emby and play my music. I've texted that login info to a few friends. By default when they login they can make changes to my library. So could anyone else who may type my domain into Emby on their phone.  Is there a way to limit new/ additional users access by default? 

 

 

[Happy2Play 8356]

Does the User account have "Allow this user to manage the server" enabled.

 

You need to ensure all users have a set password also.  

[herdofem 1]

I guess texting people the domain login is not the way to go. 

 

I was trying to get around making everyone first get an Emby Connect account and then inviting them through that. 

 

How much will they get nagged? Seems not much, based on my limited experience so far. 

[Luke 37254]

Yes i would give them their own user accounts.

[herdofem 1]

Whats to stop aquaintances (deplorables) from installing the Embty app on their phone and entering my domain and the common secure port number and getting into my library?

Shouldn't the the default be no library access unless permitted?

[Luke 37254]

Well now that you've given them credentials, nothing. I would suggest changing the password for your Emby user and then they won't be able to get in anymore.

[herdofem 1]

Currently all they have is my domain name and the port number and I believe they can get in without a password. I can from my phone.

 

I'm not too worried about friends. Whats to stop anyone who knows my domain name from my email address for example, entering my domain in the emby app with the common secure port number and altering my library? 

[Luke 37254]

Ok, what you would want to do is create a password for your emby user and then that will not be possible. Or you can disable remote access altogether if you prefer.

[herdofem 1]

So it seems you can gain access to my library as a device, using my domain and port number. All devices that have been used to access the server are listed with my name on the bottom. I guess the assumption is anyone entering this way is me. 

Listed Users I believe would all have an Emby Connect account which I could then restrict. 

 

So I created a password for my single user account which is me. Now I think all is good. When logging in as a device, (not a user), which my friends who I've give the domain and port # to would do, a password is requested.  

[ebr 14959]

So it seems you can gain access to my library as a device, using my domain and port number. All devices that have been used to access the server are listed with my name on the bottom. I guess the assumption is anyone entering this way is me. 

Listed Users I believe would all have an Emby Connect account which I could then restrict. 

 

So I created a password for my single user account which is me. Now I think all is good. When logging in as a device, (not a user), which my friends who I've give the domain and port # to would do, a password is requested.  

 

Hi.  The only way to log into your server is as a user.  If other's were logging in it must mean your user had no password or you gave them proper credentials to log in.  You should always have a password on your users to control access.

 

Perhaps it was confusing because the apps all default to remember your last logged in user.  So, once someone had logged in, it just took them straight in again.  This can be disabled on the login screen (uncheck "Remember Me").

[Angus Black 4]

As far as I know you don't have to make each user get an Emby Connect account.

Set up your users in the Emby server.

Give each a different password.

Yiou can limit each users Library access, viewing and deleting.

You can limit each users Device used.

Limiting to certain devices can prevent strangers from viewing your Emby server if your users give out their login/password.

[herdofem 1]

OMG Angus (Colonel Angus?). The option to "Add Local User" confused me I guess. I thought this to referred to users on your wifi network. Nope, the added user has complete access, wihich I can tweak as needed, password etc And the added user does not have to be invited with Emby Connect. All added users show up on the phone app login screens, (at your discretion).Cool!

 

Chief Bottle Washer, others can manually login to the phone app. without being a listed User. You login manually, on your phone for example, as a device using the ip or domain name and port #, if the administrative user (the initial user, me, who listed the server with Emby Connect) does not have the account password protected. Or your prompted for a password if it is password protected. Maybe this is what you meant?

 

Yes,I will be keeping my user password to myself from now on. 

[Angus Black 4]

 

...others can manually login to the phone app. without being a listed User. You login manually, on your phone for example, as a device using the ip or domain name and port #, if the administrative user (the initial user, me, who listed the server with Emby Connect) does not have the account password protected. Or your prompted for a password if it is password protected. Maybe this is what you meant?

If your Admin account (you) has a password then users would be prompted for that password if the clicked on your user name.

 

Under each user account there is an option of limiting which devices they can log in from.

So, for example, your brother has a Samsung S8 phone. You can limit him to just using his phone, not any Samsung S8.

So if he gave his login to his parole officer and even of that officer had an S8 he wouldn't be able to login.

 

That's the way I understand it anyway. I haven't actually implemented it.

[MSattler 387]

One of the big issues I have always had with Emby is by default is not secure.  And that is because:

 

1)  The install does not force you to set a password, which it should.

 

2)  Additional users do not get a password, unless you set it.

 

So even adding users doesn't help, unless all of your user accounts have a password.

 

You do have the able to allow local logons without passwords for users.   To this day I still feel like all users should be force to set a password at all times as a default, with allowing the local logon without password as a default.

 

Allowing the default to be unsecure in 2019, makes zero sense.

 

Thanks!

[Angus Black 4]

I don't mind that Emby leaves it up to the server owner to decide.