Users groups and permissions

You can access the groups and permissions management interface from the webadmin by going into the 'Users' section and clicking the corresponding button:

Managing groups

The group mechanism can be used to define groups of users which then can be used to restrict permissions for applications and other services (such as mail or XMPP). Note that it is not mandatory to create a group to do so: you can also restrict access to an app or service on a user-per-user basis.

Using groups is however useful for semantics, for example if you host multiple groups of friends, associations or businesses on your server, you might want to create groups like association1 and association2 and add members of each association to the relevant group.

It's also possible to define mail aliases for a group, such that mails sent to groupe@domain.tld will be dispatched to all members of the group.

Default groups

By default, two special groups are created:

  • all_users, that contain all users registered on YunoHost,
  • visitors, that applies to people viewing the server while not logged in.

The content of those groups cannot be changed, only the permissions given to them.

List existing groups

The existing groups are listed at the top of the groups and permissions page.

Creating a new group

To create a new group, simply click on the "New Group" button at the top of the page. You may only choose a name formed with letters (uper- and lowercase) and spaces. The group is created empty and without any permission.

Updating a group

Let's add a first to this group: in the group panel, click the button "add a user" and scroll to the desired user, then click on it.

To remove a user, click on the cross next to their username, in the group panel.

Deleting groups

To delete a group, click on the red cross on the top right of the group panel. You will be asked for confirmation.

Managing permissions

The permission mechanism allow to restrict access to services (for example mail, XMPP...) and apps, or even specific parts of the apps (for example the administration interface of WordPress).

List permissions

The groups page lists the permissions given to each group, including the special groups all_users and visitors.

Add accesses to group or users

To add a permission to a group, simply click the "+" button in the group panel, scroll to the desired permission, then click on it.

Note that you can also allow a single user, by using the specific panel at the bottom of the page.

Note that some permissions may be "protected", meaning that you won't be able to add/remove the visitor group to this permission. Generally, this is because it would make no sense (or is a security risk) to do so.

The webadmin will issue a warning if you set a permission that is superseded by a wider permission.

Hide/display specific tiles in the user portal

Since YunoHost 4.1, you can choose to hide/display specific tiles in the SSO.

In the webadmin, you can do so by going in the corresponding app view, go in Manage label and tiles and check/uncheck the option Display the tile in the user portal for the corresponding permission.

Config alias group

Each group can use mail aliases, but their configuration is only available from the CLI so far. For example, the admins group is configured with aliases such as admins@domain.tld, root@domain.tld ... : mail sent to these addresses will be dispatched to all members of the admins group.

The command yunohost user group info will list them.

$ yunohost user group info admins
  [...]
  mail-aliases:
    - root@maindomain.tld
    - admin@maindomain.tld
    - admins@maindomain.tld
    - webmaster@maindomain.tld
    - postmaster@maindomain.tld
    - abuse@maindomain.tld
  [...]

To add a new mail, use the action add-mailalias or remove-mailalias to delete it.

$ yunohost user group add-mailalias <group> <address@domaine.tld>

Found errors? Think you can improve this documentation? Simply click the Edit link at the top of the page, and then the icon on Github to suggest changes.