User Manager¶
t1n1wall supports multiple local user accounts for web GUI access. Users can be members of groups, enabling role-based access control.
Web UI location¶
System > User Manager
The view and available actions differ based on who is logged in: - Admin account: Full user management (add, edit, delete any account) - Regular users: Can only change their own password
Users¶
Username rules¶
- Alphanumeric characters, dash (
-), underscore (_), and dot (.) only - No spaces or special characters
- Cannot match the
adminusername - Must be unique
Password¶
- Set at creation; confirmation field must match
- Cannot contain a colon (
:) - Leave blank when editing to keep the existing password unchanged
- Stored as a crypt hash; plaintext is never retained
Full name¶
Informational field only. No access or authentication impact.
Group assignment¶
A user can be assigned to one group. The group must be created before it can be selected. See Groups below.
Groups¶
System > Group Manager
Groups allow you to define roles and assign permissions collectively rather than per-user.
| Field | Notes |
|---|---|
| Group name | Identifier for the group |
| Description | Purpose of the group |
Assign users to groups via the User Manager. A user without a group assignment has no group-based permissions.
Admin account¶
The built-in admin account is the primary system administrator. It cannot be deleted via the web UI and has full access to all configuration pages.
Additional users can be created for operators who need access to the web GUI. Restrict access appropriately based on operational need.
Password change for regular users¶
A user who is not the admin can log in and will see only a password change form. They cannot view or modify any other configuration. This is intentional — it provides a way for non-admin users to update their credentials without exposing the rest of the UI.
Captive portal users¶
Captive portal has its own separate user list under Services > Captive Portal > Users. These are distinct from system web GUI users and are used only for captive portal authentication.