Fossil: View Ticket

Ticket UUID:	ca08d51f19e34404ee0e174ff7e1123ab1eacf1d
Title:	default users and passwords are not well documented
Status:	Fixed	Type:	Documentation
Severity:	Important	Priority:
Subsystem:		Resolution:	Fixed
Last Modified:	2008-11-20 01:10:33
Version Found In:	c66ffba6da
Description & Comments:
As a new user, I installed Fossil on a remote Linux server, created a repository, and ran 'fossil server' using my repository. Then I ran the browser on my Windows PC. Not knowing any better, I logged in as anonymous. I tried to configure my repository as documented on the Quickstart page, but the Setup link was not available on the menu bar. I made a significant but not exhaustive search through the online documentation, but did not find anything helpful. Eventually it occurred to me to run SQLite to see what was in the database, and from there I found that a user had been created with the name of the Linux account from which I created the repository. This account had a blank password, but I could not log in with a blank password. I used SQLite to change the password and then I could log in as that user. Since that user had the Setup privilege, I could now use all the features in the system. A person running into this difficulty might abandon further exploration in the project and never return. In addition to prominently documenting the default accounts and passwords, I think the default Setup account should start with a non-blank password. drh added on 2008-11-20 00:45:52: If, instead of installing your repository on a server right away, you had simply typed: fossil ui <repository-name> Then a webbrowser would have popped up automatically and with full setup privileges. The default configuration is that any connections coming from 127.0.0.1 have setup privilege. You can change that on the Setup/Access screen. But the default is useful in that it lets you set up lots of user accounts without first having to create a "setup" user using the command-line. Nevertheless, we will try to figure out a reasonable place to put an explanation of your problem and its solution in the documenation. drh added on 2008-11-20 01:10:33: Rather than add documentation (which is likely to be hard to find) how about this approach. When a new repository is created, a random password is created for the administrator and that new password is printed on standard output along with the other text that is normally printed when a new repository is created. Then a user can use that password to log in initially (and presumably change the password to something different.) This was added in check-in 0c6ea0d93f. We'll give it a try and see if that helps. Some people might object because the initial password is printed on screen - allowing it to be read over-the-shoulder. The intent of this initial password is to be temporary, so hopefully that will not be a serious concern.