[GH-ISSUE #439] Cannot delete 'admin' account #342

New issue

Open

opened 2026-02-25 21:31:44 +03:00 by kerem · 3 comments

kerem commented 2026-02-25 21:31:44 +03:00

Owner

Copy link

Originally created by @RefineryX on GitHub (Dec 18, 2021).
Original GitHub issue: https://github.com/ciur/papermerge/issues/439

Originally assigned to: @ciur on GitHub.

Description
I created a new account assigning 'Superuser status' and 'active'. I want this to replace the default 'admin' account however cannot delete the admin account. I have tried both removing and renaming but the account returns on restart.

Expected
When deleting the 'admin' account, it should be permanently deleted and not be restored on docker restart.

Info:

• OS: Debian Bullseye
• Browser Safari
• Database MariadB
• Papermerge Version Papermerge 2.0

Originally created by @RefineryX on GitHub (Dec 18, 2021). Original GitHub issue: https://github.com/ciur/papermerge/issues/439 Originally assigned to: @ciur on GitHub. **Description** I created a new account assigning 'Superuser status' and 'active'. I want this to replace the default 'admin' account however cannot delete the admin account. I have tried both removing and renaming but the account returns on restart. **Expected** When deleting the 'admin' account, it should be permanently deleted and not be restored on docker restart. **Info:** - OS: Debian Bullseye - Browser Safari - Database MariadB - Papermerge Version Papermerge 2.0

kerem added the

bug

label 2026-02-25 21:31:44 +03:00

kerem commented 2026-02-25 21:31:44 +03:00

Author

Owner

Copy link

@ciur commented on GitHub (Dec 19, 2021):

This is docker image specific issue.
On docker image initialization this script runs from here and creates admin user (in case admin does not exist).

Probably it is a better idea to skip entirely automatic admin user creation and provide user UI to create admin user if not present.

<!-- gh-comment-id:997349086 --> @ciur commented on GitHub (Dec 19, 2021): This is docker image specific issue. On docker image initialization [this script](https://github.com/ciur/papermerge/blob/master/docker/scripts/create_user.py) runs from [here](https://github.com/ciur/papermerge/blob/master/docker/app.startup.sh#L16) and creates admin user (in case admin does not exist). Probably it is a better idea to skip entirely automatic admin user creation and provide user UI to create admin user if not present.

kerem commented 2026-02-25 21:31:44 +03:00

Author

Owner

Copy link

@RefineryX commented on GitHub (Dec 19, 2021):

Probably it is a better idea to skip entirely automatic admin user creation and provide user UI to create admin user if not present.

I think that is a great idea. For security, want to complete remove any connection with the default username and password, esp when they have already pre-set values (admin/admin). No matter what I do, it but it keeps coming back so I am forced to use the 'admin' username but changed the password.

It would also be great to maybe allow the user to setup a username/pass as part of onboarding when starting a fresh install.

<!-- gh-comment-id:997371658 --> @RefineryX commented on GitHub (Dec 19, 2021): > Probably it is a better idea to skip entirely automatic admin user creation and provide user UI to create admin user if not present. I think that is a great idea. For security, want to complete remove any connection with the default username and password, esp when they have already pre-set values (admin/admin). No matter what I do, it but it keeps coming back so I am forced to use the 'admin' username but changed the password. It would also be great to maybe allow the user to setup a username/pass as part of onboarding when starting a fresh install.

kerem commented 2026-02-25 21:31:44 +03:00

Author

Owner

Copy link

@Northguy commented on GitHub (Feb 6, 2022):

You could just login as admin, create a new account, assign that new account superuser rights, login with the new account name, revoke superuser access from 'admin' and disable the 'admin' account? Sounds safe enoughwith the exception of the fact that you will keep seeing the disabled admin account in the user overview.

<!-- gh-comment-id:1030820709 --> @Northguy commented on GitHub (Feb 6, 2022): You could just login as admin, create a new account, assign that new account superuser rights, login with the new account name, revoke superuser access from 'admin' and disable the 'admin' account? Sounds safe enoughwith the exception of the fact that you will keep seeing the disabled admin account in the user overview.

kerem referenced this issue 2026-02-25 21:32:18 +03:00

[PR #342] [CLOSED] Update papermerge-core version in base requirements #579

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

stable/2.0.x

add-warnings-to-2-0-branch

stable/2.1.x

stable/1.5.x

stable/1.4.x

stable/1.2.x

stable/1.3.x

stable/1.1.x

stable/1.0.x

3.5.3

3.5.1

3.5

3.4

3.5.2

3.3.1

3.1

3.0.3

3.0.2

3.2

3.0.1

3.0

2.0.x-with-banner

v2.1.9

v2.1.8

v2.1.7

v2.1.5

v2.1.4

v2.1.1

v2.1.0

v2.1.0b5

v2.1.0b3

v2.1.0b1

v2.0.1

v2.0.0

v2.0.0rc48

v2.0.0rc45

v2.0.0rc43

v2.0.0rc38

v2.0.0rc35

v1.5.5

v1.5.4

v1.5.3

tmp_micro_apps

v1.5.2

v1.5.1

v1.5.0

v1.5.0.rc1

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0.rc3

v1.4.0.rc2

v1.4.0.rc1

v1.2.3

v1.3.0

1.3.0

v1.3.0-alpha

v1.2.2

v1.2.1

v1.2.0

v1.1.0

1.0.0

v1.0.0

Labels

Clear labels   

2.1

  

3.0

  

3.0.1

  

3.0.2

  

3.0.3

  

3.0.3

  

3.1

  

3.2

  

3.2

  

3.3

  

3.5

  

3.x

  

Fixed. Waiting for feedback.

  

Fixed. Waiting for feedback.

  

UX

  

Version 2.1 - alpha

  

XSS

  

announcement

  

beta

  

blocker

  

bug

  

cannot reproduce

  

confirmed

  

confirmed

  

critical

  

demo

  

dependencies

  

deployment

  

detchnical debt

  

discussion

  

docker

  

documentation

  

donations

  

duplicate

  

enhancement

  

feature request

  

frontend

  

fundraising

  

good first issue

  

good issue

  

help wanted

  

high

  

implemented

  

important

  

improvement

  

incomplete

  

invalid

  

investigation

  

kubernetes

  

low

  

low impact

  

medium

  

medium

  

medium impact

  

migration from 2.0

  

migration from 2.1

  

missing-language

  

missing-ocr-language

  

no-activity

  

note

  

ocr

  

outofscope

  

packaging

  

performance

  

popular request

  

pull-request

Mirrored from GitHub Pull Request

  

pypi

  

question

  

raspberry pi

  

roadmap

  

search

  

security

  

setup

  

status

  

task

  

technical debt

  

updates

  

user xp

  

version 1.4.0 - demo

  

will be implemented

  

will not be implemented

  

wontfix

No labels

2.1

3.0

3.0.1

3.0.2

3.0.3

3.0.3

3.1

3.2

3.2

3.3

3.5

3.x

Fixed. Waiting for feedback.

Fixed. Waiting for feedback.

UX

Version 2.1 - alpha

XSS

announcement

beta

blocker

bug

cannot reproduce

confirmed

confirmed

critical

demo

dependencies

deployment

detchnical debt

discussion

docker

documentation

donations

duplicate

enhancement

feature request

frontend

fundraising

good first issue

good issue

help wanted

high

implemented

important

improvement

incomplete

invalid

investigation

kubernetes

low

low impact

medium

medium

medium impact

migration from 2.0

migration from 2.1

missing-language

missing-ocr-language

no-activity

note

ocr

outofscope

packaging

performance

popular request

pull-request

pypi

question

raspberry pi

roadmap

search

security

setup

status

task

technical debt

updates

user xp

version 1.4.0 - demo

will be implemented

will not be implemented

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/papermerge#342

No description provided.