Treat admins as another user

[ok-nick]

Admins should be more generic and they should be considered as a user with extra permissions.

Pros:

• Public key authentication for admins (without this, it kinda ruins the point of public keys)
• Easier accessibility and better UI (everything is in one place, you don't need to keep re-logging in and out)
• Fewer overall accounts
• Transfer files directly to an admin account
• Less complexity

Cons:

• Nothing

[drakkan]

Admins are generally "internal" users that can create external "users". I know about many installation that expose the user UI to the outside world while the admin ui is private and only reachable on an internal network. If someone break a user account is limited to the user scope and not to the admin scope (an admin can potentially delete all the users).

Public key authentication is related to the SSH protocol, admins use HTTP protocol, you can configure client certificate authentication in addition to user/password if you want.

I think the UI will be even more complex if we mix admin and user in the same interface

[BobSilent]

I think the idea or intention here is not to combine the admin and the user interface into a single entry point/interface.
I personally also like the separation of the two UIs as both serve different purposes.

But what I also would like to have is to be able to "elevate" or "promote" a user to be able to login into the admin UI.
So the same user can afterwards login in Client UI and Admin UI.
The main idea behind this is: To be able to maintain the admins and permissions in my user directory and not within sftpgo.

stfpgo's purpose is not a "user management" tool but a

Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob

which can also do user handlings in simple scenarios. So it does not require to setup an additional user management.

[drakkan]

I think the idea or intention here is not to combine the admin and the user interface into a single entry point/interface. I personally also like the separation of the two UIs as both serve different purposes.

But what I also would like to have is to be able to "elevate" or "promote" a user to be able to login into the admin UI. So the same user can afterwards login in Client UI and Admin UI. The main idea behind this is: To be able to maintain the admins and permissions in my user directory and not within sftpgo.

stfpgo's purpose is not a "user management" tool but a

Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob

which can also do user handlings in simple scenarios. So it does not require to setup an additional user management.

Users and admins are in separate provider tables/buckets. Adding a relation between these objects will increase the complexity with no obvious benefit. I think we could add external authentication and/or pre-login hook for admins too. This will allow to use external admins as we already do for the users.

Please note that I'm not going to review (and/or fix) large PRs for free anymore. Once I'll merge a PR I have to maintain it forever and fix any reported bugs and/or design issues that I could initially miss. I learned this the hard way. Hope you understand. Thanks