Meshcentral: Remove Account from Command Line

Created on 26 May 2020  路  10Comments  路  Source: Ylianst/MeshCentral

You can run node meshcentral --createaccount to make an account

I suggest a node meshcentral --removeaccount to remove an account.

Fixed - Confirm & Close enhancement
Source
picture MordyT

All 10 comments

Published MeshCentral v0.5.45 with support for --removeaccount, let me know if it works.

Ylianst picture Ylianst on 27 May 2020

Pardon my ignorance, is this different than /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshctrl.js RemoveUser, or is it that we can use either now?

  RemoveUser                - Delete a user account.

Also, upgrading to 0.5.45 the method doesn't seem to work for me in Linux:
If I list users:

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshcentral.js --listuserids
user/domain2/admin

Then I try and remove that user, it tells me the userid is incorrect, but also wants the domain (although the domain is in the userid)

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshcentral.js --removeaccount user/domain2/admin
Unknown userid, usage: --removeaccount [userid] --domain (domain).

If I provide the domain, the result is the same, not sure what I'm doing wrong here.

root@ubuntu1804:~# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshcentral.js --removeaccount user/domain2/admin --domain domain2
Unknown userid, usage: --removeaccount [userid] --domain (domain).

I tried it with non admin accounts, the result is the same.

darryl-h picture darryl-h on 27 May 2020

meshctrl.js removeuser is better because it's going to correctly connect to MeshCentral and remove the user and it's privileges correctly and event the new state.

What is not written here (sorry for missing context) is that during single sign-on testing, we created an invalid user that could not be removed normally, 'meshcentral --removeaccount` does a direct database call to remove the user entry in the database. So, it was a way to get around a bad database entry. In reality, it should probably remain undocumented and meshctrl.js should be used.

Ylianst picture Ylianst on 27 May 2020
👍1

ah, I was hoping that it was the same, there seems to be a bug (for me) with the loginkey, will continue to file the new bug..

Additionally, you may want to consider updating the help for --removeaccount, I think it should be --removeaccount [username] --domain [domain] not
--removeaccount [userid] --domain (domain)

This works:

# /usr/bin/node /opt/meshcentral/node_modules/meshcentral/meshcentral.js --removeaccount admin --domain domain2
Done.
darryl-h picture darryl-h on 27 May 2020
👍1

Note that you need to pass the UserID only, so this should work:

node meshcentral.js --removeaccount admin --domain domain2

In any case, please use meshctrl.js, if you use meshcentral.js to do these operations, you should really have the server stopped.

Ylianst picture Ylianst on 27 May 2020
👍1

Note that you need to pass the UserID only, so this should work:

The output from the --listuserids method confused me. :( Thanks for the clarification!

darryl-h picture darryl-h on 27 May 2020

So, now there is the problem of username vs userid. When using Single Sign-On (SSO), the user's name will be "Bob Smith" but the full user identifier will be "user/domain/~reddit:[email protected]". So now, I need 3 names for:

Bob Smith
~reddit:[email protected]
user/domain/~reddit:[email protected]

I guess it could be "username", "userid" and "fulluserid"? In the case of the userid, I can detect if the domain is present or not, so I can fix that.

Ylianst picture Ylianst on 27 May 2020
👍1

In reality, it should probably remain undocumented and meshctrl.js should be used.

In the current version, this appears in the help

   --removeaccount [userid]          Remove a user account.

I guess it could be "username", "userid" and "fulluserid"? In the case of the userid, I can detect if the domain is present or not, so I can fix that.

Since we can get the full user ID from the --listuserids, that (to me) seems to be the least ambiguous way and also contains the domain, so one less argument required as well, and happens to match the DB _ID value, but to be honest, since we don't use SSO (yet) we don't really have any visibility into the SSO entity. If you are saying to accept all 3 methods, that works too, but seems like a lot of work for you, if the better way is to use meshctrl.

In any case, please use meshctrl.js, if you use meshcentral.js to do these operations, you should really have the server stopped.

Agreed! FYI, removing from the database in this way is the same thing as I have observed with my direct DB edits, the service must be restarted after this change, if not, the deleted user is still able to login, and is still visible as a user in the UI, you may want to advise the user to restart the service in the future, or add/allow the restart switch (--restart?) in the same command, because this will terminate current sessions.

darryl-h picture darryl-h on 27 May 2020

Ok, I just checked in some more improvements. The help page clearly indicates these are recovery commands that should be used when the service is offline. Also, "userid" can now be both the short or long format. If the short format is used, the default domain is used unless --domain is specified.

MeshCentral v0.5.45, remote computer management web portal.
This software is open source under Apache 2.0 licence.
Details at: https://www.meshcommander.com/meshcentral2

Run as a background service
   --install/uninstall               Install MeshCentral as a background service.
   --start/stop/restart              Control MeshCentral background service.

Run standalone, console application
   --user [username]                 Always login as [username] if account exists.
   --port [number]                   Web server port number.
   --redirport [number]              Creates an additional HTTP server to redirect users to the HTTPS server.
   --exactports                      Server must run with correct ports or exit.
   --noagentupdate                   Server will not update mesh agent native binaries.
   --listuserids                     Show a list of a user identifiers in the database.
   --cert [name], (country), (org)   Create a web server certificate with [name] server name.
                                     country and organization can optionaly be set.

Server recovery commands, use only when MeshCentral is offline.
   --createaccount [userid]          Create a new user account.
   --resetaccount [userid]           Unlock an account, disable 2FA and set a new account password.
   --adminaccount [userid]           Promote account to site administrator.
   --removeaccount [userid]          Remove a user account.
Ylianst picture Ylianst on 27 May 2020
👍1

@Ylianst since I removed it via the DB directly, I can't test this. Feel free to close.

MordyT picture MordyT on 27 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

petervanv picture petervanv  路  3Comments
whalehub picture whalehub  路  3Comments
robclay picture robclay  路  3Comments
veitw picture veitw  路  4Comments
unguzov picture unguzov  路  3Comments