jerminat0r 6 Posted July 17, 2024

Hello! I'm not sure what happened and wanted to check my server settings before I started over (along with capturing a current backup) but noticed that my user is no longer an administrator. I've checked every which way I can remember to, but I don't have the "server settings" option anywhere anymore. I can't tell you when I last remember it worked, only that it's been more than a couple months as I haven't "needed" to log in to that part. Maybe since beginning of the year? It wasn't even physically running from like... April-June ish.

Is there a way for me to manipulate the Emby server's user data from within the OS? Or am I SOL? Running on Debian and I have full sudo / su access to the physical server itself.

I was worried maybe my server got "discovered" and potentially hacked but not sure to what end as there have not been any noticeable traffic increases or changes from it in my firewall logs (on any ports, let alone the Emby server ports specifically) and I looked at them as far back as they go (currently 60 days). None of my "server users" are common to the core physical server user or use any of the same passwords. I did notice some strange errors related to MySQL within my TV app and phone's Android app a while back, but they went away after running apt-get upgrade and doing a reboot (granted correlation is not necessarily causation, it's just all the anecdote I have).
Luke 42077 Posted July 17, 2024

Hi, the server will always make sure there is at least one admin user whenever you restart the server. Do you remember the names of other users on your server? What you could do is log out and do forgot password, and leave the username blank. This will reset the password for all users on your server, and in the process of doing so, it will tell you the names of all users. That info might help you get back in as an admin.
jerminat0r 6 Posted July 17, 2024 Author

18 minutes ago, Luke said:
> Hi, the server will always make sure there is at least one admin user whenever you restart the server. Do you remember the names of other users on your server? What you could do is log out and do forgot password, and leave the username blank. This will reset the password for all users on your server, and in the process of doing so, it will tell you the names of all users. That info might help you get back in as an admin.

I did what you said and saw it created a "password.txt" file with instructions. I don't have remote access to the command line but I will check it after I get home from work in a little bit. Thank you!
adminExitium 355 Posted July 17, 2024

1 hour ago, Luke said:
> What you could do is logout and do forgot password, and leave the username blank. This will reset the password for all users on your server

Am I understanding this wrong, and this requires a specific scenario, or can any user (or any non-user for that matter) on the server do this and force a reset for everyone else on the server, including the admin account? If so, that seems like a severe security oversight.
Luke 42077 Posted July 17, 2024

2 minutes ago, adminExitium said:
> Am I understanding this wrong, and this requires a specific scenario, or can any user (or any non-user for that matter) on the server do this and force a reset for everyone else on the server, including the admin account? If so, that seems like a severe security oversight.

Not without physical access to the server data folder.
darkassassin07 652 Posted July 17, 2024

It doesn't grant them access to user accounts without access to the data folder; but if someone were to perform this reset, the admin would then have to go reset all their users' passwords, no?

I.e., if I had a random Emby server's address (a server I have no affiliation with), I could trigger this reset on it, locking all of its users out until the admin fixes it?
jerminat0r 6 Posted July 17, 2024 Author

3 hours ago, Luke said:
> Hi, the server will always make sure there is at least one admin user whenever you restart the server. Do you remember the names of other users on your server? What you could do is log out and do forgot password, and leave the username blank. This will reset the password for all users on your server, and in the process of doing so, it will tell you the names of all users. That info might help you get back in as an admin.

I was able to get it all sorted once I got home, thank you for this! This is now solved.

1 hour ago, adminExitium said:
> Am I understanding this wrong, and this requires a specific scenario, or can any user (or any non-user for that matter) on the server do this and force a reset for everyone else on the server, including the admin account? If so, that seems like a severe security oversight.

Anyone could go through the initial steps, but to follow through and actually reset all the passwords you need to physically access the system folder for a text file that generates a random PIN with expiration, that can only be used at a very specific URL that you have to copy/paste manually. Give it a try and you'll see.
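
The flow described in this thread, as an added sketch that is not Emby's code and not from any poster here: a reset request that anyone can trigger only writes a PIN to the data folder, and accounts change only when that PIN is redeemed before it expires. The class name, file name, 15-minute lifetime, 8-digit PIN and attempt limit are all assumptions made for the illustration.

```python
import hashlib, hmac, os, secrets, time

PIN_TTL_SECONDS = 15 * 60   # assumed validity window
MAX_ATTEMPTS = 5            # assumed guess limit per issued PIN

class PinGatedReset:
    """Reset-all flow gated by a PIN that is only written to the server's data folder."""

    def __init__(self, data_dir, users):
        self.pin_path = os.path.join(data_dir, "passwordreset.txt")  # hypothetical name
        self.users = users        # username -> credential state (demo stand-in)
        self._pending = None      # (sha256 of PIN, expiry time)
        self._failures = 0

    def _clear(self):
        self._pending, self._failures = None, 0
        if os.path.exists(self.pin_path):
            os.remove(self.pin_path)

    def request_reset(self, now=None):
        """Reachable by anyone: issues a PIN to disk, changes no account."""
        now = time.time() if now is None else now
        pin = f"{secrets.randbelow(10**8):08d}"
        self._pending = (hashlib.sha256(pin.encode()).digest(), now + PIN_TTL_SECONDS)
        self._failures = 0
        fd = os.open(self.pin_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(pin + "\n")
        return "A PIN was written to a file in the server data folder."

    def redeem(self, pin, now=None):
        """Resets all accounts only for the correct, unexpired, unused PIN."""
        now = time.time() if now is None else now
        if self._pending is None:
            return False
        digest, expiry = self._pending
        good = hmac.compare_digest(digest, hashlib.sha256(pin.encode()).digest())
        if now > expiry or not good:
            self._failures += 1
            if now > expiry or self._failures >= MAX_ATTEMPTS:
                self._clear()     # expired or too many guesses: PIN is void
            return False
        self._clear()             # single use
        for name in self.users:
            self.users[name] = "must-change"
        return True
```

In this sketch a request made without access to the data folder leaves every account untouched, which is the property the lock-out question above turns on.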