scripte/zmb-webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Dokumentation: Data Persistence für System- und Samba-User

Browse Source 
- Erklärung: Lokale und erstellte Samba-User bleiben über App-Updates erhalten
- Deployment korrigiert: PAM-User mit useradd erstellen statt nicht-existierendem auth_service.add_user()
- Neues Kapitel "Data Persistence" mit Details zu:
  - System-Benutzer (PAM, /etc/passwd)
  - Samba-User (TDB/Registry)
  - Samba Shares & Config
  - NFS Exports
  - ZFS Pools (Hardware-level persistence)
- Klarstellung in "Important Constraints": Benutzer überleben App-Redeployments
- Port korrigiert: 9090 → 8090

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
Patrick
2026-04-22 10:34:16 +02:00
parent 696cb664b1
commit 88a710f136
1 changed files with 55 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CLAUDE.md
+55 -7
View File
@@ -191,7 +191,10 @@ cd /opt/zmb-webui/backend
python3 -m venv venv python3 -m venv venv
source venv/bin/activate source venv/bin/activate
pip install -r requirements.txt pip install -r requirements.txt
python3 -c "from services.auth import auth_service; auth_service.add_user('admin', 'password')"
# Create system user for WebUI login (uses PAM authentication)
useradd -m -s /bin/bash webadmin
echo "webadmin:yourpassword" | chpasswd
# Run via systemd (or nohup for testing) # Run via systemd (or nohup for testing)
nohup python3 main.py > /tmp/zfs-backend.log 2>&1 & nohup python3 main.py > /tmp/zfs-backend.log 2>&1 &
@@ -211,6 +214,50 @@ scp -r frontend/out root@192.168.1.179:/opt/zmb-webui/frontend/
npm run dev -- -p 3000 # Access via http://192.168.1.179:3000 npm run dev -- -p 3000 # Access via http://192.168.1.179:3000
``` ```
## Data Persistence
All user and configuration data is **persisted on the system** not stored in the application. This means data survives application restarts, updates, and redeployments:
### System Users
- **Location**: `/etc/passwd`, `/etc/shadow`
- **Creation**: `useradd -m webadmin; echo "webadmin:password" | chpasswd`
- **Persistence**: ✅ Survives application updates, restarts, reinstalls
- **Management**: Via CLI (`useradd`, `userdel`, `passwd`) or WebUI (`/identities` page)
- **Note**: WebUI uses PAM authentication users must exist as system users
### Samba Users
- **Location**: Samba TDB database (e.g., `/var/lib/samba/private/sam.tdb`) or Registry
- **Creation**: `smbpasswd -a username` or via WebUI (`/identities` → "Set Samba Password")
- **Persistence**: ✅ Survives application updates, restarts, reinstalls
- **Backup tip**: Backup `/var/lib/samba/private/` directory to preserve user database
### Samba Shares & Config
- **Location**: `/etc/samba/smb.conf` or Samba Registry (`net conf`)
- **Creation**: Via WebUI (`/shares` page) or CLI
- **Persistence**: ✅ Survives application updates, restarts, reinstalls
- **Editable**: Changes made in WebUI are written directly to config files
### NFS Exports
- **Location**: `/etc/exports`
- **Creation**: Via WebUI (`/shares` page) or CLI
- **Persistence**: ✅ Survives application updates, restarts, reinstalls
- **Reload**: `exportfs -r` is called automatically after changes
### ZFS Pools & Datasets
- **Location**: ZFS metadata (on-disk, hardware managed)
- **Creation**: Via WebUI (`/pools`, `/datasets` pages)
- **Persistence**: ✅ Persists across all updates and restarts (hardware level)
- **Note**: ZFS data is never modified by application code only read
### Update Safety
When deploying updates (redeploying backend/frontend code):
1. System users are **NOT** affected still exist, still work
2. Samba users are **NOT** affected database persists
3. File shares are **NOT** affected config files persist
4. All WebUI pages will continue to work with existing data
**No user re-creation required on updates.**
## Architecture Patterns & Key Files ## Architecture Patterns & Key Files
### Router Pattern (Backend) ### Router Pattern (Backend)
@@ -292,12 +339,13 @@ Useful on weak hardware: ISR pre-computes static pages on rebuild, serving cache
## Important Constraints & Gotchas ## Important Constraints & Gotchas
1. **PAM Authentication**: Uses system PAM (via `pam` package). Must run as root for `/etc/shadow` access. 1. **PAM Authentication**: Uses system PAM (via `pam` package). Must run as root for `/etc/shadow` access. Users must exist as system users (`useradd`) no local user database. Users created in WebUI are persisted to `/var/lib/samba/private/` (Samba users) or system groups.
2. **ZFS Commands**: Require root or proper sudo configuration. Test with `sudo zpool list`. 2. **User Persistence**: System users (Linux) and Samba users are stored on disk and survive application updates. No user re-creation needed on redeployment.
3. **Frontend Build on Pi**: Node.js build is slow on ARM64 (4-10 min). Build on x86 and copy instead. 3. **ZFS Commands**: Require root or proper sudo configuration. Test with `sudo zpool list`.
4. **CORS in Production**: Default allows all origins (`["*"]`). Change in `main.py` before exposing. 4. **Frontend Build on Pi**: Node.js build is slow on ARM64 (4-10 min). Build on x86 and copy instead.
5. **Static Export Mode**: Cannot use dynamic API routes in Next.js. All data fetched client-side. 5. **CORS in Production**: Default allows all origins (`["*"]`). Change in `main.py` before exposing.
6. **Port 9090**: Default for ZMB Webui (replaces Cockpit). Adjust in nginx/systemd if needed. 6. **Static Export Mode**: Cannot use dynamic API routes in Next.js. All data fetched client-side.
7. **Port 8090**: Default for ZMB Webui (HTTPS via nginx). Adjust in nginx/systemd if needed.
## Memory Usage ## Memory Usage