views: 88

answers: 5
Consider a simple web application that accepts user logins. Each user can have a profile (read-only, normal, administrator etc.) and each profile dictates the user’s rights (he can only look at data, he can modify data but only if it is his own, he can do everything if he is an administrator etc.).

Only an administrator can create other users. But when the application is first installed there is no data and no users in the database.

I was wondering what is the best way to create the first administrator user of the application.

Do you:

  • Provide the client with a wizard app that allows it to create the user?
  • Do you pre-insert this user in the database (i.e. the only data available after creating the database will be this user)?
  • On first run of the application, the application detects that it has no data and provides a page to create the user. From there on, this is used to create the other users... etc

Is there a best way of doing this, or at least some often used method? Were you in a similar situation? What solution did you adopt?

Thank you!

+1  A: 

Often the method used is to create a default admin user, named for example "admin", with no password or with a very easy password. Of course, on the first login this admin user should be forced to change his password (though this is not so often done).

Konamiman
+1  A: 

Many applications these days have a built in admin account.

Example: "SA" in SQL Server, "Admin" usually on wireless routers.

I would follow this trend and have a default admin account.

You could prompt the user on first run to set a password for this account.

If something dramatic happens to the application you also know you have a "way in" to correct any issues regarding user accounts.

Pace
+1  A: 

Random idea, since I was thinking about the same in relation to implementing OpenID on my site ;-) What about: the first user to register on the site, e.g. using OpenID, is automatically admin. There is a slight race condition, in the event that someone beats you to it and becomes admin :-P but it seems like a fairly trivial race condition, in general, given that many applications default to running an installer the first time you use them, e.g. phpBB, MediaWiki et al.

Actually, in the future, I think that what I might do is: during installation, ask for the administrator's OpenID, and that account becomes the admin. Then there is no need to manage passwords, store passwords, handle password retrieval etc.

Hugh Perkins
+3  A: 

In my opinion, this really depends on how important security is to you, and to the possible users of your web application. The most secure way to provide the first account would definitely be the wizard app you've already mentioned, because that way the installing user is forced to set a password. If you provide a default administrator, chances are that the administrator will forget to change the default password, or just be too lazy to change it, thus opening the way to one of the simplest exploits available. Your last idea, showing a page to create an admin on first page visit, is not very recommendable, as there could always be a user who visits the page before the admin does.

x3ro
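The two defensive points raised in this thread (Konamiman: a default admin must be forced to change the password; x3ro: a first-run admin page can be grabbed by whoever visits first) can both be handled in the bootstrap code itself. The following is an added example, not code from the thread; it assumes a SQLite user table and standard-library PBKDF2, and the table layout and column names are constructed for the example:

```python
# Added example (not from the thread): create the first administrator only while
# the user table is empty, inside one write-locked transaction so a second visitor
# cannot also become admin, and flag installer-supplied defaults for forced change.
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 200_000  # assumption: tune for the hardware you deploy on


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt if none given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open the database and create the (constructed) users table if missing."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS users (
        username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
        role TEXT NOT NULL, must_change_pw INTEGER NOT NULL DEFAULT 0)""")
    return conn


def bootstrap_admin(conn, username: str, password: str, is_default: bool = False) -> bool:
    """Create the first admin. Returns False and inserts nothing once any user exists,
    so the 'first visitor becomes admin' window closes atomically with the first insert."""
    salt, digest = hash_password(password)
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before the emptiness check
    try:
        (count,) = conn.execute("SELECT COUNT(*) FROM users").fetchone()
        if count:
            conn.rollback()
            return False
        conn.execute("INSERT INTO users VALUES (?, ?, ?, 'administrator', ?)",
                     (username, salt, digest, int(is_default)))
        conn.commit()
        return True
    except Exception:
        conn.rollback()
        raise


def verify_login(conn, username: str, password: str) -> tuple:
    """Return (authenticated, must_change_password); digest compare is constant-time."""
    row = conn.execute("SELECT salt, pw_hash, must_change_pw FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False, False
    salt, stored, must_change = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored), bool(must_change)
```

When `verify_login` reports `must_change_password`, the application should route the admin to a password-change page before granting anything else, which is the step Konamiman notes is so often skipped.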
A: 

There is no "best way" for this kind of thing. Pick the one that works best for your situation.

I don't see the difference between your option 1 and option 3, so I'll just compare "provide a form to create at install/first run" to "have sensible defaults".

Pros of creating at install/first run:

  • Allows user easy and obvious customizability
  • If your app gets popular, prevents scripts from appearing that just attempt to log in with default admin account
  • User doesn't need documentation to figure out how to log in as admin

Pros of sensible defaults:

  • Easier implementation
  • Easier documentation writing (don't have to reference yourusername and yourpassword all over the place in your docs)
  • Possibly easier to allow 3rd parties to write an installer/customizer wrapper script for your application

Cory Petosky
OPTION 3 = (you access the application’s URL. There are no users, so your browser opens the create-admin page instead of a login page. You create your admin account and from there on, when you access the URL, you get a login page because there is at least one user). OPTION 1 = (you access the URL and you always get the login page, users or no users. To create the admin you use a .exe file, for example, that hooks into the same database as the web app. Only the admin will have the .exe file).
dpb
I'd say option 1 only makes sense then if all administration of the app is done via the exe and none via a web interface. Otherwise you're splitting functionality into two applications for no real benefit.
Cory Petosky