Merged
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -118,7 +118,7 @@ chmod +x proxmox.sh

### First Time Setup
- **Default Username**: `admin`
- **Default Password**: Automatically generated (check your console output).
- **Default Password**: Set by `scripts/install.sh` and printed at the end of the install (also saved as `INITIAL_ADMIN_PASSWORD` in `/opt/iptv-manager/.env`).
- **Important**: Change password immediately after login.

### CORS Configuration
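Review bot: The rewritten **Default Password** bullet now tells readers the admin password is stored as `INITIAL_ADMIN_PASSWORD` in `/opt/iptv-manager/.env`, but the **Important** bullet after it still only says to change the password after login. Add a sentence saying what to do with the stored value once the password has been changed (remove or blank the `INITIAL_ADMIN_PASSWORD` line), and who is expected to be able to read that file. The path is also hardcoded here while the installer prints `$INSTALL_DIR/.env`, so the README will be wrong for any install directory other than `/opt/iptv-manager`.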
16 changes: 15 additions & 1 deletion scripts/install.sh
Expand Up @@ -51,13 +51,22 @@ cd "$INSTALL_DIR"
echo ">> Installing application dependencies..."
npm install

# Setup environment variables
# Create an initial admin password so it is always visible in non-interactive installs
if [ ! -f ".env" ]; then
echo ">> Setting up .env file..."
cp .env.example .env
echo ">> .env file created. Please configure it later if needed."
fi

if ! grep -q '^INITIAL_ADMIN_PASSWORD=' .env || [ -z "$(grep '^INITIAL_ADMIN_PASSWORD=' .env | cut -d'=' -f2-)" ]; then
INITIAL_ADMIN_PASSWORD_GENERATED=$(openssl rand -hex 8)


P2 Badge Install or validate openssl before generating password

The new password generation path now hard-depends on openssl rand -hex 8, but this installer does not ensure the openssl binary is present before calling it. Because the script runs with set -e, systems where openssl is missing will abort the installation at this step, leaving users with a partial install instead of a recoverable fallback.


sed -i "s|^INITIAL_ADMIN_PASSWORD=.*|INITIAL_ADMIN_PASSWORD=${INITIAL_ADMIN_PASSWORD_GENERATED}|" .env


P1 Badge Restrict .env permissions before persisting admin password

Writing INITIAL_ADMIN_PASSWORD into .env here creates a plaintext credential file that is later made world-readable by the existing chmod -R 755 "$INSTALL_DIR" step in the same script (scripts/install.sh lines 80-81). On multi-user hosts, any local unprivileged user can read /opt/iptv-manager/.env and log in as admin until the password is changed, so this introduces a concrete credential exposure during fresh installs.


echo ">> Generated initial admin password and saved it to .env"
else
INITIAL_ADMIN_PASSWORD_GENERATED=$(grep '^INITIAL_ADMIN_PASSWORD=' .env | cut -d'=' -f2-)
echo ">> Reusing existing INITIAL_ADMIN_PASSWORD from .env"
fi

# Create a dedicated user for security
echo ">> Creating iptv-manager user..."
if id "iptv-manager" &>/dev/null; then
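Review bot: In the generate branch, the `sed -i "s|^INITIAL_ADMIN_PASSWORD=.*|...|" .env` substitution can only rewrite a line that already exists, yet the `if` condition also enters this branch when `grep -q '^INITIAL_ADMIN_PASSWORD='` finds no such line (for example a `.env` that was already present, so `cp .env.example .env` was skipped). In that case sed changes nothing, the script still echoes "Generated initial admin password and saved it to .env", and the password printed at the end of the install is not stored anywhere. Handle the missing-key case separately by appending the line with `>> .env`, and confirm with the same grep that the value is present before printing the success message.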
Expand Down Expand Up @@ -107,6 +116,11 @@ echo ">> You can access the application at: http://$(hostname -I | awk '{print $
echo ">> To check the logs, run: sudo journalctl -u iptv-manager -f"
echo ">> To update in the future, run: sudo ./scripts/update.sh from the $INSTALL_DIR directory."
echo ""
echo ">> Initial WebUI admin credentials:"
echo " Username: admin"
echo " Password: ${INITIAL_ADMIN_PASSWORD_GENERATED}"
echo " (Stored in $INSTALL_DIR/.env as INITIAL_ADMIN_PASSWORD)"
echo ""
echo "Note: The default port is 3000. Ensure it is open in your firewall."
if command -v ufw > /dev/null; then
echo ">> If you are using UFW, you can open the port with: sudo ufw allow 3000/tcp"
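Review bot: The added `Password: ${INITIAL_ADMIN_PASSWORD_GENERATED}` echo writes the admin password in plaintext to the installer's stdout, so it ends up in whatever captures that output, and the code comment in the earlier hunk says non-interactive installs are the intended case. Consider printing the value only when stdout is a terminal (`[ -t 1 ]`) and otherwise printing just the `$INSTALL_DIR/.env` location that the next line already gives. On the "Reusing existing INITIAL_ADMIN_PASSWORD" path the same block also presents the stored value under "Initial WebUI admin credentials" even though the README tells users to change the password after login, so on a re-run the printed password may no longer be valid; say so in the message or skip the block on that path.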