
Replace admin user with "hestiaweb" and new "user" (#3855)

* Update debian.sh

* Go through all scripts to remove admin user

* Update more scripts

* Complete /bin/

* /func folder

* Run php under hestiaweb user

* Fix check password

* Patch few bugs in installer

* Forgot to update hestia-nginx

* Update post install scripts

* Forgot some usage of "admin" in upgrade.sh

* Run via /var/spool/cron/crontabs/hestiaweb

* Update Ubuntu installer

* Delete hard coded admin user and replace with variable

* Update 1 more location

Todo: api

* Add root_user to v-list-sys-config

* Update permissions filemanager

Also removed unues install-fm

* Update API to use new admin user

* Remove "Unsafe warning"

* Upgrade script

* Fix upgrade script

* Fix issue

* Check if home dir exstis

* Include sudo file + cronjobs

* Fix cronjobs

* Use correct path

* Revert "Remove "Unsafe warning""

This reverts commit c2f2cca12691a069ef51259652d1b5110a5e9391.

* Add ROLE to sessions

And use it in the checks

* Add remove admin user for sudoers

Keep enabled for now as it would prevent you from going to 1.8.x

* set default new user package to "default"

Also add upgrade notice...

* Replace hardcode admin

* Allow W = yes

* remove extra line

* Source conf after update

* Fix bug with ROOT_USER not found on upgrade for the first time
Jaap Marcus 2 jaren geleden
bovenliggende
commit
d7cfe441a3
81 gewijzigde bestanden met toevoegingen van 428 en 410 verwijderingen
  1. 5 26
      bin/v-add-cron-hestia-autoupdate
  2. 3 3
      bin/v-add-cron-letsencrypt-job
  3. 3 3
      bin/v-add-cron-restart-job
  4. 2 3
      bin/v-add-letsencrypt-domain
  5. 3 3
      bin/v-add-sys-dependencies
  6. 6 6
      bin/v-add-sys-filemanager
  7. 9 5
      bin/v-add-sys-ip
  8. 5 3
      bin/v-add-sys-sftp-jail
  9. 7 7
      bin/v-add-user
  10. 1 1
      bin/v-backup-user
  11. 1 1
      bin/v-change-database-host-password
  12. 7 7
      bin/v-change-sys-ip-owner
  13. 2 2
      bin/v-change-sys-ip-status
  14. 2 23
      bin/v-delete-cron-hestia-autoupdate
  15. 3 4
      bin/v-delete-cron-restart-job
  16. 3 4
      bin/v-delete-remote-dns-host
  17. 1 1
      bin/v-delete-sys-ip
  18. 1 1
      bin/v-delete-sys-sftp-jail
  19. 3 3
      bin/v-delete-user-ips
  20. 1 1
      bin/v-delete-user-log
  21. 1 1
      bin/v-delete-user-stats
  22. 1 1
      bin/v-download-backup
  23. 1 1
      bin/v-generate-api-key
  24. 1 1
      bin/v-list-access-key
  25. 2 2
      bin/v-list-access-keys
  26. 1 0
      bin/v-list-sys-config
  27. 1 2
      bin/v-list-sys-hestia-autoupdate
  28. 2 2
      bin/v-list-user
  29. 1 1
      bin/v-list-user-ips
  30. 1 1
      bin/v-list-user-log
  31. 5 5
      bin/v-list-users-stats
  32. 1 1
      bin/v-restart-cron
  33. 1 1
      bin/v-restart-dns
  34. 1 1
      bin/v-restart-ftp
  35. 1 1
      bin/v-restart-mail
  36. 1 1
      bin/v-restart-proxy
  37. 1 1
      bin/v-restart-web
  38. 1 1
      bin/v-restart-web-backend
  39. 4 4
      bin/v-restore-user
  40. 2 2
      bin/v-suspend-user
  41. 2 2
      bin/v-unsuspend-user
  42. 2 2
      bin/v-update-host-certificate
  43. 3 3
      bin/v-update-user-counters
  44. 1 1
      bin/v-update-user-stats
  45. 1 1
      func/backup.sh
  46. 4 4
      func/db.sh
  47. 1 1
      func/ip.sh
  48. 8 8
      func/main.sh
  49. 2 2
      func/rebuild.sh
  50. 5 2
      func/remote.sh
  51. 22 11
      func/syshealth.sh
  52. 12 4
      func/upgrade.sh
  53. 4 0
      install/common/sudo/hestiaweb
  54. 0 71
      install/deb/filemanager/install-fm.sh
  55. 0 10
      install/deb/sudo/admin
  56. 86 49
      install/hst-install-debian.sh
  57. 70 49
      install/hst-install-ubuntu.sh
  58. 34 0
      install/upgrade/versions/1.9.0.sh
  59. 1 1
      src/deb/hestia/postinst
  60. 1 1
      src/deb/nginx/nginx.conf
  61. 1 1
      src/deb/nginx/postinst
  62. 5 6
      src/deb/php/php-fpm.conf
  63. 2 2
      src/deb/php/php.ini
  64. 1 1
      src/deb/php/postinst
  65. 2 2
      src/rpm/hestia/hestia.spec
  66. 1 1
      src/rpm/nginx/nginx.conf
  67. 5 5
      src/rpm/php/php-fpm.conf
  68. 2 2
      src/rpm/php/php.ini
  69. 4 1
      web/add/access-key/index.php
  70. 1 1
      web/add/cron/autoupdate/index.php
  71. 14 5
      web/api/index.php
  72. 4 1
      web/bulk/access-key/index.php
  73. 4 1
      web/delete/access-key/index.php
  74. 1 1
      web/delete/cron/autoupdate/index.php
  75. 4 2
      web/edit/user/index.php
  76. 1 0
      web/inc/main.php
  77. 4 4
      web/templates/pages/add_db.php
  78. 4 4
      web/templates/pages/add_dns.php
  79. 4 4
      web/templates/pages/add_mail.php
  80. 4 4
      web/templates/pages/add_web.php
  81. 3 3
      web/templates/pages/list_user.php

+ 5 - 26
bin/v-add-cron-hestia-autoupdate

@@ -10,7 +10,6 @@
 #----------------------------------------------------------#
 
 # Argument definition
-user=admin
 mode=$1
 
 # Includes
@@ -26,10 +25,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
-is_package_full 'CRON_JOBS'
-get_next_cronjob
-check_cron_apt=$(grep 'v-update-sys-hestia-all' $USER_DATA/cron.conf)
-check_cron_git=$(grep 'v-update-sys-hestia-git' $USER_DATA/cron.conf)
+check_cron_apt=$(grep 'v-update-sys-hestia-all' "/var/spool/cron/crontabs/hestiaweb")
+check_cron_git=$(grep 'v-update-sys-hestia-git' "/var/spool/cron/crontabs/hestiaweb")
 if [ -n "$check_cron_apt" ] || [ -n "$check_cron_git" ]; then
 	exit
 fi
@@ -53,7 +50,7 @@ if [ -z "$mode" ] || [ "$mode" = "apt" ]; then
 	day='*'
 	month='*'
 	wday='*'
-	command="sudo $BIN/v-update-sys-hestia-all"
+	command='v-update-sys-hestia-all'
 fi
 
 if [ "$mode" = "git" ]; then
@@ -62,32 +59,14 @@ if [ "$mode" = "git" ]; then
 	day='*'
 	month='*'
 	wday='*'
-	command="sudo $BIN/v-update-sys-hestia-git"
+	command='v-update-sys-hestia-git'
 fi
 
-# Concatenating cron string
-str="JOB='$job' MIN='$min' HOUR='$hour' DAY='$day' MONTH='$month' WDAY='$wday'"
-str="$str CMD='$command' SUSPENDED='no' TIME='$time' DATE='$date'"
-
-# Adding to crontab
-echo "$str" >> $HESTIA/data/users/$user/cron.conf
-
-# Changing permissions
-chmod 660 $HESTIA/data/users/$user/cron.conf
-
-# Sort jobs by id number
-sort_cron_jobs
-
-# Sync cronjobs with system cron
-sync_cron_jobs
+echo "$min $hour * * * sudo /usr/local/hestia/bin/$command" > "/var/spool/cron/crontabs/hestiaweb"
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
-
-# Increasing cron value
-increase_user_value "$user" '$U_CRON_JOBS'
-
 # Restarting cron
 $BIN/v-restart-cron
 check_result $? "Cron restart failed" > /dev/null
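Review bot: The new `echo "$min $hour * * * sudo /usr/local/hestia/bin/$command" > "/var/spool/cron/crontabs/hestiaweb"` truncates the hestiaweb crontab, so the letsencrypt and restart queue entries that other scripts in this commit append to the same file are lost whenever auto-update is enabled. Appending with `>>` keeps them, and the grep guard earlier in the script already prevents a duplicate entry. The path is also hard-coded where the removed lines used `$BIN`. If `$mode` is neither empty, `apt` nor `git`, `$command` appears to stay unset (not every assignment is visible in the hunks), so validating `$mode` before the write would be safer.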

+ 3 - 3
bin/v-add-cron-letsencrypt-job

@@ -30,10 +30,10 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Add cron job
-cmd="sudo $BIN/v-update-sys-queue letsencrypt"
-check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+cmd="bin/v-update-sys-queue letsencrypt"
+check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
-	$BIN/v-add-cron-job admin '*/5' '*' '*' '*' '*' "$cmd"
+	echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue letsencrypt" >> "/var/spool/cron/crontabs/hestiaweb"
 fi
 
 #----------------------------------------------------------#
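Review bot: Appending straight to `/var/spool/cron/crontabs/hestiaweb` bypasses `crontab`, so nothing here validates the entry or sets owner and mode when the file does not exist yet. A shell with a default umask would create it owned by the calling user and world-readable, which some cron implementations refuse to load. Going through `crontab -u hestiaweb`, or creating the file with the expected owner and `chmod 600` before the append, avoids that. The same direct write appears in bin/v-add-cron-restart-job and bin/v-add-cron-hestia-autoupdate. The hunk also shows no cron reload after the append; that may happen below the visible lines.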

+ 3 - 3
bin/v-add-cron-restart-job

@@ -30,10 +30,10 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Add cron job
-cmd="sudo $BIN/v-update-sys-queue restart"
-check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+cmd="v-update-sys-queue restart"
+check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
-	$BIN/v-add-cron-job admin '*' '*' '*' '*' '*' "$cmd"
+	echo "*/2 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue restart" >> "/var/spool/cron/crontabs/hestiaweb"
 fi
 
 #----------------------------------------------------------#
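Review bot: The replacement entry runs `v-update-sys-queue restart` on `*/2 * * * *`, while the removed `v-add-cron-job admin '*' '*' '*' '*' '*'` call ran it every minute, and the commit description does not mention the change. If the slower interval is intended, a comment such as `# restart queue is processed every 2 minutes` above the `echo` would record it; otherwise the schedule should stay `* * * * *`. `cmd` is now used only for the grep, so the literal in the `echo` can drift away from it.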

+ 2 - 3
bin/v-add-letsencrypt-domain

@@ -569,11 +569,10 @@ if [ "$?" -ne '0' ]; then
 fi
 
 # Adding LE autorenew cronjob
-if [ -z "$(grep v-update-lets $HESTIA/data/users/admin/cron.conf)" ]; then
+if [ -z "$(grep v-update-letsen "$HESTIA/data/users/$ROOT_USER/cron.conf")" ]; then
 	min=$(generate_password '012345' '2')
 	hour=$(generate_password '1234567' '1')
-	cmd="sudo $BIN/v-update-letsencrypt-ssl"
-	$BIN/v-add-cron-job admin "$min" "$hour" '*' '*' '*' "$cmd" > /dev/null
+	echo "$min $hour * * * sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl" > /etc/cron.d/hestiaweb
 fi
 
 # Updating letsencrypt key
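Review bot: The guard and the write in this hunk point at different files, and the write target uses the wrong format. The `grep` still reads `$HESTIA/data/users/$ROOT_USER/cron.conf`, but the job is written with `>` to `/etc/cron.d/hestiaweb`. Files under `/etc/cron.d` need a user field between the schedule and the command, so this line would be parsed with `sudo` as the user name, and `>` replaces the file each time the guard finds nothing. The other scripts in this commit use the hestiaweb spool crontab; matching them would be `if ! grep -q v-update-letsencrypt-ssl /var/spool/cron/crontabs/hestiaweb 2> /dev/null; then`, with the `echo` appended via `>> /var/spool/cron/crontabs/hestiaweb`.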

+ 3 - 3
bin/v-add-sys-dependencies

@@ -19,7 +19,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 source "$HESTIA/install/upgrade/upgrade.conf"
 
 MODE=$1
-user="admin"
+user="$ROOT_USER"
 
 PM_INSTALL_DIR="$HESTIA/web/inc"
 QUICK_INSTALL_DIR="$HESTIA/web/src"
@@ -49,7 +49,7 @@ fi
 if [ ! -f "$COMPOSER_BIN" ]; then
 	$BIN/v-add-user-composer "$user"
 	if [ $? -ne 0 ]; then
-		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">Hestia will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-dependencies</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Composer installation failed!' '<p class="u-text-bold">Hestia will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-dependencies</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 		exit 1
 	fi
 fi
@@ -78,7 +78,7 @@ if [ $? -ne 0 ]; then
 	echo "ERROR: PHPMailer installation failed!"
 	echo "Please report this to our development team:"
 	echo "https://github.com/hestiacp/hestiacp/issues"
-	$BIN/v-add-user-notification admin 'Hestia PHP dependencies installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
+	$BIN/v-add-user-notification "$ROOT_USER" 'Hestia PHP dependencies installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
 	# Installation failed, clean up files
 	rm --recursive --force ${PM_INSTALL_DIR}/vendor
 	$BIN/v-change-sys-config-value 'USE_SERVER_SMTP' 'n'

+ 6 - 6
bin/v-add-sys-filemanager

@@ -20,7 +20,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 source_conf "$HESTIA/install/upgrade/upgrade.conf"
 
 MODE=$1
-user="admin"
+user="$ROOT_USER"
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
 FM_FILE="filegator_latest"
@@ -51,7 +51,7 @@ fi
 if [ ! -f "$COMPOSER_BIN" ]; then
 	$BIN/v-add-user-composer "$user"
 	if [ $? -ne 0 ]; then
-		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-filemanager</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-filemanager</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 		exit 1
 	fi
 fi
@@ -91,7 +91,7 @@ if [ $? -ne 0 ]; then
 	echo "ERROR: File Manager installation failed!"
 	echo "Please report this to our development team:"
 	echo "https://github.com/hestiacp/hestiacp/issues"
-	$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
+	$BIN/v-add-user-notification "$ROOT_USER" 'File Manager installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
 	# Installation failed, clean up files
 	rm --recursive --force ${FM_INSTALL_DIR}
 	$BIN/v-change-sys-config-value 'FILE_MANAGER' 'false'
@@ -105,9 +105,9 @@ cp -f $HESTIA_INSTALL_DIR/filemanager/filegator/configuration.php $HESTIA/web/fm
 echo "$fm_v" > "${FM_INSTALL_DIR}/version"
 # Set permissions
 chown root: -R "${FM_INSTALL_DIR}"
-chown $user: "${FM_INSTALL_DIR}/private"
-chown $user: "${FM_INSTALL_DIR}/private/logs"
-chown $user: "${FM_INSTALL_DIR}/repository"
+chown hestiaweb: "${FM_INSTALL_DIR}/private"
+chown hestiaweb: "${FM_INSTALL_DIR}/private/logs"
+chown hestiaweb: "${FM_INSTALL_DIR}/repository"
 
 $BIN/v-change-sys-config-value 'FILE_MANAGER' 'true'
 

+ 9 - 5
bin/v-add-sys-ip

@@ -28,7 +28,7 @@ if [ -z "$iface" ]; then
 fi
 
 iface="${3-$iface}"
-user="${4-admin}"
+user="$4"
 ip_status="${5-shared}"
 ip_name="$6"
 nat_ip="$7"
@@ -47,6 +47,10 @@ source "$HESTIA/func/syshealth.sh"
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 
+if [ -z "$4" ]; then
+	user="$ROOT_USER"
+fi
+
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -62,7 +66,7 @@ fi
 if [ -n "$nat_ip" ]; then
 	is_format_valid 'nat_ip'
 fi
-if [ "$user" != "admin" ]; then
+if [ "$user" != "$ROOT_USER" ]; then
 	ip_status="dedicated"
 fi
 
@@ -204,17 +208,17 @@ syshealth_adapt_hestia_nginx_listen_ports
 
 # Updating user counters
 increase_user_value "$user" '$IP_OWNED'
-if [ "$user" = 'admin' ]; then
+if [ "$user" = $ROOT_USER ]; then
 	if [ "$ip_status" = 'shared' ]; then
 		for hestia_user in $($BIN/v-list-sys-users plain); do
 			increase_user_value "$hestia_user" '$IP_AVAIL'
 		done
 	else
-		increase_user_value 'admin' '$IP_AVAIL'
+		increase_user_value $ROOT_USER '$IP_AVAIL'
 	fi
 else
 	increase_user_value "$user" '$IP_AVAIL'
-	increase_user_value 'admin' '$IP_AVAIL'
+	increase_user_value $ROOT_USER '$IP_AVAIL'
 fi
 
 # Restarting web server
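Review bot: `$ROOT_USER` is unquoted in `[ "$user" = $ROOT_USER ]` and in both `increase_user_value $ROOT_USER '$IP_AVAIL'` calls, unlike the quoted comparison in the earlier hunk of this file. If `ROOT_USER` is ever empty (the commit description mentions it not being found on a first upgrade), the test collapses to `[ "$user" = ]`, which errors out in `[`, and the function call loses its first argument. Quote all three: `[ "$user" = "$ROOT_USER" ]` and `increase_user_value "$ROOT_USER" '$IP_AVAIL'`.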

+ 5 - 3
bin/v-add-sys-sftp-jail

@@ -58,7 +58,7 @@ fi
 # Validating opensshd config
 if [ "$restart" = 'yes' ]; then
 	subj="OpenSSH restart failed"
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 	/usr/sbin/sshd -t > /dev/null 2>&1
 	if [ "$?" -ne 0 ]; then
 		mail_text="OpenSSH can not be restarted. Please check config:
@@ -72,8 +72,10 @@ fi
 # Checking users
 shells="rssh|nologin"
 for user in $(grep "$HOMEDIR" /etc/passwd | egrep "$shells" | cut -f 1 -d:); do
-	# Include all users v-add-user-sftp-jail will handle it
-	$BIN/v-add-user-sftp-jail "$user" "no"
+	if [ -d "/home/$user" ]; then
+		# Include all users v-add-user-sftp-jail will handle it
+		$BIN/v-add-user-sftp-jail "$user" "no"
+	fi
 done
 
 # Restart ssh service
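Review bot: The new existence check hard-codes `/home/$user`, while the loop line above it selects accounts by `$HOMEDIR`. On a system where `HOMEDIR` is not `/home`, every user would be skipped and no SFTP jail would be added for them. Use `if [ -d "$HOMEDIR/$user" ]; then` so the check follows the same setting. A short comment saying why accounts without a home directory are skipped would also help.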

+ 7 - 7
bin/v-add-user

@@ -2,7 +2,7 @@
 # info: add system user
 # options: USER PASSWORD EMAIL [PACKAGE] [NAME] [LASTNAME]
 #
-# example: v-add-user admin2 P4$$w@rD bgates@aol.com
+# example: v-add-user user P4$$w@rD bgates@aol.com
 #
 # This function creates new user account.
 
@@ -92,8 +92,8 @@ if [ -z "$(grep ^hestia-users: /etc/group)" ]; then
 fi
 
 # Add membership to hestia-users group to non-admin users
-if [ "$user" = "admin" ]; then
-	setfacl -m "g:admin:r-x" "$HOMEDIR/$user"
+if [ "$user" = "$ROOT_USER" ]; then
+	setfacl -m "g:$ROOT_USER:r-x" "$HOMEDIR/$user"
 else
 	usermod -a -G "hestia-users" "$user"
 	setfacl -m "u:$user:r-x" "$HOMEDIR/$user"
@@ -198,8 +198,8 @@ time=$(echo "$time_n_date" | cut -f 1 -d \ )
 date=$(echo "$time_n_date" | cut -f 2 -d \ )
 
 # Filling user config
-if [ "$user" != 'admin' ]; then
-	ip_avail=$($BIN/v-list-user-ips admin plain | grep -w shared | wc -l)
+if [ "$user" != "$ROOT_USER" ]; then
+	ip_avail=$($BIN/v-list-user-ips "$ROOT_USER" plain | grep -w shared | wc -l)
 	u_users=0
 else
 	ip_avail=0
@@ -262,8 +262,8 @@ if [ "$DISK_QUOTA" = 'yes' ]; then
 fi
 
 # Updating admin counter
-if [ "$user" != 'admin' ]; then
-	increase_user_value 'admin' '$U_USERS'
+if [ "$user" != "$ROOT_USER" ]; then
+	increase_user_value "$ROOT_USER" '$U_USERS'
 fi
 
 # Run template trigger

+ 1 - 1
bin/v-backup-user

@@ -174,7 +174,7 @@ start_time=$(date '+%s')
 
 # Set notification email and subject
 subj="$user → backup failed"
-email=$(grep CONTACT "$HESTIA/data/users/admin/user.conf" | cut -f 2 -d \')
+email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 
 # Validate available disk space (take usage * 2, due to the backup handling)
 let u_disk=$(($(get_user_disk_usage) * 2))

+ 1 - 1
bin/v-change-database-host-password

@@ -45,7 +45,7 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Define email
-email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f2 -d \')
+email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f2 -d \')
 subj="v-change-database-host-password $*"
 
 case $type in

+ 7 - 7
bin/v-change-sys-ip-owner

@@ -49,37 +49,37 @@ ip_owner=$(get_ip_value '$OWNER')
 if [ "$ip_owner" != "$user" ]; then
 	update_ip_value '$OWNER' "$user"
 	decrease_user_value "$ip_owner" '$IP_OWNED'
-	if [ "$ip_owner" = 'admin' ]; then
+	if [ "$ip_owner" = "$ROOT_USER" ]; then
 		if [ "$ip_status" = 'shared' ]; then
 			for hestia_user in $($BIN/v-list-sys-users plain); do
 				decrease_user_value "$hestia_user" '$IP_AVAIL'
 			done
 		else
-			decrease_user_value 'admin' '$IP_AVAIL'
+			decrease_user_value "$ROOT_USER" '$IP_AVAIL'
 		fi
 	else
 		decrease_user_value "$ip_owner" '$IP_AVAIL'
-		decrease_user_value 'admin' '$IP_AVAIL'
+		decrease_user_value "$ROOT_USER" '$IP_AVAIL'
 	fi
 
 	increase_user_value "$user" '$IP_OWNED'
-	if [ "$user" = 'admin' ]; then
+	if [ "$user" = "$ROOT_USER" ]; then
 		if [ "$ip_status" = 'shared' ]; then
 			for hestia_user in $($BIN/v-list-sys-users plain); do
 				increase_user_value "$hestia_user" '$IP_AVAIL'
 			done
 		else
-			increase_user_value 'admin' '$IP_AVAIL'
+			increase_user_value "$ROOT_USER" '$IP_AVAIL'
 		fi
 	else
 		increase_user_value "$user" '$IP_AVAIL'
-		increase_user_value 'admin' '$IP_AVAIL'
+		increase_user_value "$ROOT_USER" '$IP_AVAIL'
 	fi
 fi
 
 # Set status to dedicated if owner is not admin
 ip_status="$(get_ip_value '$STATUS')"
-if [ "$user" != 'admin' ] && [ "$ip_status" = 'shared' ]; then
+if [ "$user" != "$ROOT_USER" ] && [ "$ip_status" = 'shared' ]; then
 	$BIN/v-change-sys-ip-status "$ip" 'dedicated'
 fi
 

+ 2 - 2
bin/v-change-sys-ip-status

@@ -40,8 +40,8 @@ ip_owner=$(get_ip_value '$OWNER')
 if [ "$web_domains" -ne '0' ] && [ "$sys_user" != "$ip_owner" ]; then
 	check_result "$E_INUSE" "IP $ip is used"
 fi
-if [ "$ip_owner" != "admin" ] && [ "$ip_status" = "shared" ]; then
-	$BIN/v-change-sys-ip-owner "$ip" "admin"
+if [ "$ip_owner" != "$ROOT_USER" ] && [ "$ip_status" = "shared" ]; then
+	$BIN/v-change-sys-ip-owner "$ip" "$ROOT_USER"
 fi
 
 # Perform verification if read-only mode is enabled

+ 2 - 23
bin/v-delete-cron-hestia-autoupdate

@@ -8,9 +8,6 @@
 #                Variables & Functions                     #
 #----------------------------------------------------------#
 
-# Argument definition
-user=admin
-
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
 source /etc/hestiacp/hestia.conf
@@ -24,8 +21,6 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
-check_cron_apt=$(grep 'v-update-sys-hestia-all' $USER_DATA/cron.conf)
-check_cron_git=$(grep 'v-update-sys-hestia-git' $USER_DATA/cron.conf)
 
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
@@ -34,29 +29,13 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Deleting job
-if [ -n "$check_cron_apt" ]; then
-	job=$(echo $check_cron_apt | tr ' ' "\n" | grep JOB | cut -f 2 -d "'")
-fi
-if [ -n "$check_cron_git" ]; then
-	job=$(echo $check_cron_git | tr ' ' "\n" | grep JOB | cut -f 2 -d "'")
-fi
-
-sed -i "/JOB='$job' /d" $USER_DATA/cron.conf
-
-# Sorting jobs by id
-sort_cron_jobs
-
-# Sync system cron with user
-sync_cron_jobs
+sed -i "/v-update-sys-hestia-all/d" "/var/spool/cron/crontabs/hestiaweb"
+sed -i "/v-update-sys-hestia-git/d" "/var/spool/cron/crontabs/hestiaweb"
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
 
-# Decreasing cron value
-decrease_user_value "$user" '$U_CRON_JOBS'
-
 # Restarting crond
 $BIN/v-restart-cron
 check_result $? "Cron restart failed" > /dev/null

+ 3 - 4
bin/v-delete-cron-restart-job

@@ -30,11 +30,10 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Add cron job
-cmd="sudo $BIN/v-update-sys-queue restart"
-check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+cmd="v-update-sys-queue restart"
+check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 if [ -n "$check_cron" ]; then
-	parse_object_kv_list "$check_cron"
-	$BIN/v-delete-cron-job admin "$JOB"
+	sed -i "/v-update-sys-queue restart/d" "/var/spool/cron/crontabs/hestiaweb"
 fi
 
 #----------------------------------------------------------#

+ 3 - 4
bin/v-delete-remote-dns-host

@@ -52,11 +52,10 @@ if [ "$check_cluster" -eq '0' ]; then
 	sed -i "/DNS_CLUSTER=/d" "$HESTIA/conf/hestia.conf"
 
 	# Delete cron job
-	cmd="sudo $BIN/v-update-sys-queue dns-cluster"
-	check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+	cmd="v-update-sys-queue dns-cluster"
+	check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 	if [ -n "$check_cron" ]; then
-		parse_object_kv_list "$check_cron"
-		$BIN/v-delete-cron-job admin "$JOB"
+		sed -i "/v-update-sys-queue dns-cluster/d" "/var/spool/cron/crontabs/hestiaweb"
 	fi
 fi
 

+ 1 - 1
bin/v-delete-sys-ip

@@ -137,7 +137,7 @@ if [ -n "$OWNER" ]; then
 	decrease_user_value "$OWNER" '$IP_OWNED'
 fi
 
-if [ "$OWNER" = 'admin' ]; then
+if [ "$OWNER" = "$ROOT_USER" ]; then
 	if [ "$STATUS" = 'shared' ]; then
 		for hestia_user in $($BIN/v-list-sys-users plain); do
 			decrease_user_value "$hestia_user" '$IP_AVAIL'

+ 1 - 1
bin/v-delete-sys-sftp-jail

@@ -55,7 +55,7 @@ fi
 # Validating opensshd config
 if [ "$restart" = 'yes' ]; then
 	subj="OpenSSH restart failed"
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 	/usr/sbin/sshd -t > /dev/null 2>&1
 	if [ "$?" -ne 0 ]; then
 		mail_text="OpenSSH can not be restarted. Please check config:

+ 3 - 3
bin/v-delete-user-ips

@@ -52,10 +52,10 @@ for ip in $ip_list; do
 	is_ip_key_empty '$U_SYS_USERS'
 
 	# Assig ip to main account
-	update_ip_value '$OWNER' 'admin'
+	update_ip_value '$OWNER' "$ROOT_USER"
 	update_ip_value '$STATUS' 'dedicated'
-	increase_user_value 'admin' '$IP_OWNED'
-	increase_user_value 'admin' '$IP_AVAIL'
+	increase_user_value "$ROOT_USER" '$IP_OWNED'
+	increase_user_value "$ROOT_USER" '$IP_AVAIL'
 	$BIN/v-log-action "system" "Info" "System" "Removed IP address from user (IP: $ip, User: $user)."
 done
 

+ 1 - 1
bin/v-delete-user-log

@@ -40,7 +40,7 @@ fi
 
 # Set correct path for log file (system or user)
 if [ "$user" = "system" ]; then
-	log_file="$HESTIA/data/users/admin/system.log"
+	log_file="$HESTIA/log/activity.log"
 else
 	log_file="$HESTIA/data/users/$user/history.log"
 fi

+ 1 - 1
bin/v-delete-user-stats

@@ -38,7 +38,7 @@ check_hestia_demo_mode
 #                       Actions                            #
 #----------------------------------------------------------#
 
-if [ "$user" = 'admin' ] && [ "$mode" = "overall" ]; then
+if [ "$user" = "$ROOT_USER" ] && [ "$mode" = "overall" ]; then
 	log_file="$USER_DATA/overall_stats.log"
 else
 	log_file="$USER_DATA/stats.log"

+ 1 - 1
bin/v-download-backup

@@ -89,7 +89,7 @@ if [ ! -e "$BACKUP/$backup" ]; then
 	else
 		if [ -e "$BACKUP/$backup" ]; then
 			chmod 0640 $BACKUP/$backup
-			chown admin:admin $BACKUP/$backup
+			chown hestiaweb:hestiaweb $BACKUP/$backup
 			echo "rm $BACKUP/$backup" | at now + 1 day
 		fi
 	fi
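Review bot: The new `chown hestiaweb:hestiaweb $BACKUP/$backup` leaves the path unquoted, so a backup name containing whitespace or glob characters would be split or expanded before `chown` runs. `chown hestiaweb:hestiaweb "$BACKUP/$backup"` is the safer form; the neighbouring `chmod` and the `rm` string passed to `at` have the same issue. Whether `$backup` is validated earlier is not visible, since the enclosing `if` starts outside the hunk.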

+ 1 - 1
bin/v-generate-api-key

@@ -33,7 +33,7 @@ check_hestia_demo_mode
 
 if [ ! -d "$HESTIA/data/keys/" ]; then
 	mkdir -p $HESTIA/data/keys/
-	chown admin:root $HESTIA/data/keys/
+	chown hestiaweb:root $HESTIA/data/keys/
 	chmod 750 $HESTIA/data/keys/
 fi
 

+ 1 - 1
bin/v-list-access-key

@@ -66,7 +66,7 @@ is_object_valid 'key' 'KEY' "$access_key_id"
 #----------------------------------------------------------#
 
 # Avoid "USER" receive "root" in old keys
-USER="admin"
+USER="$ROOT_USER"
 PERMISSIONS=""
 COMMENT=""
 DATE=""

+ 2 - 2
bin/v-list-access-keys

@@ -28,7 +28,7 @@ json_list() {
 	for key_file in $HESTIA/data/access-keys/*; do
 		key_file="$(basename -- "$key_file")"
 		if [[ "$key_file" =~ ^[[:alnum:]]{20}$ ]]; then
-			USER="admin" SECRET_ACCESS_KEY="" PERMISSIONS="" DATE="" TIME="" COMMENT=""
+			USER="$ROOT_USER" SECRET_ACCESS_KEY="" PERMISSIONS="" DATE="" TIME="" COMMENT=""
 			source_conf "$HESTIA/data/access-keys/$key_file"
 			if [ "$user" = "$USER" ] || [ -z "$user" ]; then
 				PERMISSIONS_ARR='[]'
@@ -64,7 +64,7 @@ shell_list() {
 	for key_file in $HESTIA/data/access-keys/*; do
 		key_file="$(basename -- "$key_file")"
 		if [[ "$key_file" =~ ^[[:alnum:]]{20}$ ]]; then
-			USER="admin" SECRET_ACCESS_KEY="" PERMISSIONS="" DATE="" TIME="" COMMENT=""
+			USER="$ROOT_USER" SECRET_ACCESS_KEY="" PERMISSIONS="" DATE="" TIME="" COMMENT=""
 			source_conf "$HESTIA/data/access-keys/$key_file"
 			if [ "$user" = "$USER" ] || [ -z "$user" ]; then
 				ACCESS_KEY_ID="$(basename "$key_file")"

+ 1 - 0
bin/v-list-sys-config

@@ -86,6 +86,7 @@ json_list() {
 			"PROXY_SYSTEM": "'$PROXY_SYSTEM'",
 			"RELEASE_BRANCH": "'$RELEASE_BRANCH'",
 			"REPOSITORY": "'$REPOSITORY'",
+      "ROOT_USER": "'$ROOT_USER'",
 			"SERVER_SMTP_ADDR": "'$SERVER_SMTP_ADDR'",
 			"SERVER_SMTP_HOST": "'$SERVER_SMTP_HOST'",
 			"SERVER_SMTP_PASSWD": "'$SERVER_SMTP_PASSWD'",

+ 1 - 2
bin/v-list-sys-hestia-autoupdate

@@ -11,7 +11,6 @@
 #----------------------------------------------------------#
 
 # Argument definition
-user='admin'
 format=${1-shell}
 
 # Includes
@@ -67,7 +66,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 # Check cron tab
-check_cron=$(grep 'v-update-sys-hestia-all' $USER_DATA/cron.conf)
+check_cron=$(grep 'v-update-sys-hestia-all' /var/spool/cron/crontabs/hestiaweb)
 
 # Listing data
 case $format in

+ 2 - 2
bin/v-list-user

@@ -179,8 +179,8 @@ is_object_valid 'user' 'USER' "$user"
 USER=$user
 HOME=$HOMEDIR/$user
 source_conf "$HESTIA/data/users/$user/user.conf"
-U_USERS=$(cat $HESTIA/data/users/admin/user.conf | grep "U_USERS" | cut -d'=' -f2 | sed "s/'//g")
-SUSPENDED_USERS=$(cat $HESTIA/data/users/admin/user.conf | grep "SUSPENDED_USERS" | cut -d'=' -f2 | sed "s/'//g")
+U_USERS=$(cat "$HESTIA/data/users/$ROOT_USER/user.conf" | grep "U_USERS" | cut -d'=' -f2 | sed "s/'//g")
+SUSPENDED_USERS=$(cat "$HESTIA/data/users/$ROOT_USER/user.conf" | grep "SUSPENDED_USERS" | cut -d'=' -f2 | sed "s/'//g")
 
 # Listing data
 case $format in

+ 1 - 1
bin/v-list-user-ips

@@ -91,7 +91,7 @@ is_object_valid 'user' 'USER' "$user"
 #----------------------------------------------------------#
 
 # Defining fileds to select
-owner='admin'
+owner="$ROOT_USER"
 owner_ips="$(grep -A 1 -H "OWNER='$owner'" $HESTIA/data/ips/*)"
 owner_ips="$(echo "$owner_ips" | grep "STATUS='shared'")"
 owner_ips="$(echo "$owner_ips" | cut -f 7 -d / | cut -f 1 -d -)"

+ 1 - 1
bin/v-list-user-log

@@ -113,7 +113,7 @@ fi
 
 # Parsing history log
 if [ "$user" = "system" ]; then
-	log_file="$HESTIA/data/users/admin/system.log"
+	log_file="$HESTIA/log/activity.log"
 else
 	log_file="$USER_DATA/history.log"
 fi

+ 5 - 5
bin/v-list-users-stats

@@ -23,7 +23,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 json_list() {
 	IFS=$'\n'
 	i=1
-	objects=$(grep DATE $HESTIA/data/users/admin/overall_stats.log | wc -l)
+	objects=$(grep DATE "$HESTIA/data/users/$ROOT_USER/overall_stats.log" | wc -l)
 	echo "{"
 	while read str; do
 		parse_object_kv_list "$str"
@@ -58,7 +58,7 @@ json_list() {
 			echo
 		fi
 		((i++))
-	done < <(cat $HESTIA/data/users/admin/overall_stats.log)
+	done < <(cat "$HESTIA/data/users/$ROOT_USER/overall_stats.log")
 	echo '}'
 }
 
@@ -75,7 +75,7 @@ shell_list() {
 		echo -n "$DATE $U_USERS $U_WEB_DOMAINS $U_DNS_DOMAINS "
 		echo -n "$U_MAIL_DOMAINS $U_DATABASES $U_BACKUPS $IP_OWNED "
 		echo "$U_DISK $U_BANDWIDTH"
-	done < <(cat $HESTIA/data/users/admin/overall_stats.log)
+	done < <(cat "$HESTIA/data/users/$ROOT_USER/overall_stats.log")
 }
 
 # PLAIN list function
@@ -89,7 +89,7 @@ plain_list() {
 		echo -ne "$U_WEB_ALIASES\t$U_DNS_DOMAINS\t$U_DNS_RECORDS\t"
 		echo -ne "$U_MAIL_DOMAINS\t$U_MAIL_DKIM\t$U_MAIL_ACCOUNTS\t"
 		echo -e "$U_DATABASES\t$U_CRON_JOBS\t$U_BACKUPS\t$U_USERS"
-	done < <(cat $HESTIA/data/users/admin/overall_stats.log)
+	done < <(cat "$HESTIA/data/users/$ROOT_USER/overall_stats.log")
 }
 
 # CSV list function
@@ -110,7 +110,7 @@ csv_list() {
 		echo -n "$U_WEB_ALIASES,$U_DNS_DOMAINS,$U_DNS_RECORDS,"
 		echo -n "$U_MAIL_DOMAINS,$U_MAIL_DKIM,$U_MAIL_ACCOUNTS,"
 		echo "$U_DATABASES,$U_CRON_JOBS,$U_BACKUPS,$U_USERS"
-	done < <(cat $HESTIA/data/users/admin/overall_stats.log)
+	done < <(cat "$HESTIA/data/users/$ROOT_USER/overall_stats.log")
 }
 
 #----------------------------------------------------------#

+ 1 - 1
bin/v-restart-cron

@@ -19,7 +19,7 @@ source $HESTIA/func/main.sh
 source_conf "$HESTIA/conf/hestia.conf"
 
 send_email_report() {
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	tmpfile=$(mktemp)
 	subj="$(hostname): $CRON_SYSTEM restart failed"

+ 1 - 1
bin/v-restart-dns

@@ -24,7 +24,7 @@ send_email_report() {
 	else
 		dns_conf='/etc/bind/named.conf'
 	fi
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	tmpfile=$(mktemp)
 	subj="$(hostname): "$DNS_SYSTEM" restart failed"

+ 1 - 1
bin/v-restart-ftp

@@ -19,7 +19,7 @@ source $HESTIA/func/main.sh
 source_conf "$HESTIA/conf/hestia.conf"
 
 send_email_report() {
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	tmpfile=$(mktemp)
 	subj="$(hostname): $FTP_SYSTEM restart failed"

+ 1 - 1
bin/v-restart-mail

@@ -21,7 +21,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 send_email_report() {
 	local mail_service="$1"
 	journalctl --no-pager --reverse --since=-1m --unit "$mail_service" >> "$tmpfile" 2>&1
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	subj="$(hostname): $mail_service restart failed"
 	cat "$tmpfile" | $SENDMAIL -s "$subj" $email

+ 1 - 1
bin/v-restart-proxy

@@ -21,7 +21,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 date=$(date +"%Y-%m-%d %H:%M:%S")
 
 send_email_report() {
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	tmpfile=$(mktemp)
 	subj="$(hostname): $PROXY_SYSTEM restart failed"

+ 1 - 1
bin/v-restart-web

@@ -21,7 +21,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 date=$(date +"%Y-%m-%d %H:%M:%S")
 
 send_email_report() {
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	tmpfile=$(mktemp)
 	subj="$(hostname): $WEB_SYSTEM restart failed"

+ 1 - 1
bin/v-restart-web-backend

@@ -23,7 +23,7 @@ source $HESTIA/func/main.sh
 source_conf "$HESTIA/conf/hestia.conf"
 
 send_email_report() {
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf)
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf")
 	email=$(echo "$email" | cut -f 2 -d "'")
 	subj="$(hostname): $WEB_BACKEND restart failed"
 	cat $tmpfile | $SENDMAIL -s "$subj" $email

+ 4 - 4
bin/v-restore-user

@@ -102,7 +102,7 @@ if [ -z "$check_user" ]; then
 	email=$(get_user_value '$CONTACT')
 else
 	create_user="yes"
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f2 -d \')
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f2 -d \')
 fi
 
 # Checking available disk space
@@ -821,7 +821,7 @@ if [ "$cron" != 'no' ] && [ -n "$CRON_SYSTEM" ]; then
 	fi
 
 	# Replace paths from vesta to hestia
-	if [ "$backup_system" == 'vesta' ] && [ "$user" == 'admin' ]; then
+	if [ "$backup_system" == 'vesta' ] && [ "$user" == "$ROOT_USER" ]; then
 		sed -i 's/vesta/hestia/g' $tmpdir/cron/cron.conf
 	fi
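Review bot: The vesta-to-hestia path rewrite is now keyed on the local `$ROOT_USER`, although what it fixes up is the cron.conf taken from a Vesta backup, where the account holding the system cron entries was presumably still named `admin`. On an install whose ROOT_USER is something else, a restored Vesta `admin` backup would skip the `sed`. If the old name is what matters, keep `'admin'` in this one test and add a comment such as `# Vesta named its system account admin`; otherwise the comment above the test should say why ROOT_USER is the right key.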
 
@@ -929,8 +929,8 @@ sed -i "/v-restore-user $user /d" $HESTIA/data/queue/backup.pipe
 #----------------------------------------------------------#
 
 # Update user counters
-$BIN/v-update-user-counters $user
-$BIN/v-update-user-counters admin
+$BIN/v-update-user-counters "$user"
+$BIN/v-update-user-counters "$ROOT_USER"
 $BIN/v-update-sys-ip-counters
 
 # Logging

+ 2 - 2
bin/v-suspend-user

@@ -30,7 +30,7 @@ check_args '1' "$#" 'USER [RESTART]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
-if [ "$user" = 'admin' ]; then
+if [ "$user" = "$ROOT_USER" ]; then
 	exit
 fi
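Review bot: The guard that keeps the panel administrator from being suspended now depends on `$ROOT_USER` being set. If hestia.conf has no ROOT_USER yet (func/upgrade.sh in this commit adds a fallback for that case), the test is false for every name and the former `admin` account can be suspended. Adding `ROOT_USER="${ROOT_USER:-admin}"` before the test would keep the guard closed. The bare `exit` also returns success without saying why nothing happened; `check_result "$E_FORBIDEN" "..."` would make the refusal visible to callers. v-unsuspend-user has the same test.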
 
@@ -96,7 +96,7 @@ check_result $? "Cron restart failed" > /dev/null
 
 # Changing suspend value
 update_user_value "$user" '$SUSPENDED' 'yes'
-increase_user_value 'admin' '$SUSPENDED_USERS'
+increase_user_value "$ROOT_USER" '$SUSPENDED_USERS'
 
 # Logging
 $BIN/v-log-action "system" "Info" "Users" "Suspended user account (Name: $user)."

+ 2 - 2
bin/v-unsuspend-user

@@ -29,7 +29,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
-if [ "$user" = 'admin' ]; then
+if [ "$user" = "$ROOT_USER" ]; then
 	exit
 fi
 
@@ -53,7 +53,7 @@ fi
 
 # Changing suspend value
 update_user_value "$user" '$SUSPENDED' 'no'
-decrease_user_value 'admin' '$SUSPENDED_USERS'
+decrease_user_value "$ROOT_USER" '$SUSPENDED_USERS'
 
 # Unsuspending web domains
 if [ -n "$WEB_SYSTEM" ] && [ "$WEB_SYSTEM" != 'no' ]; then

+ 2 - 2
bin/v-update-host-certificate

@@ -11,8 +11,8 @@
 #----------------------------------------------------------#
 
 whoami=$(whoami)
-if [ "$whoami" != "root" ] && [ "$whoami" != "admin" ]; then
-	echo "Error: this script must be run as root or admin."
+if [ "$whoami" != "root" ]; then
+	echo "Error: this script must be run as root."
 	exit 1
 fi
 

+ 3 - 3
bin/v-update-user-counters

@@ -82,7 +82,7 @@ for user in $user_list; do
 	IFS=$'\n'
 
 	# Checking users
-	if [ "$user" = 'admin' ]; then
+	if [ "$user" = "$ROOT_USER" ]; then
 		spnd=$(grep "SUSPENDED='yes'" $HESTIA/data/users/*/user.conf | wc -l)
 		SUSPENDED_USERS=$spnd
 		U_USERS=$($BIN/v-list-sys-users plain | wc -l)
@@ -96,11 +96,11 @@ for user in $user_list; do
 			IP_OWNED=$((IP_OWNED + 1))
 			IP_AVAIL=$((IP_AVAIL + 1))
 		fi
-		if [ "$OWNER" = 'admin' ] && [ "$STATUS" = 'shared' ]; then
+		if [ "$OWNER" = "$ROOT_USER" ] && [ "$STATUS" = 'shared' ]; then
 			IP_AVAIL=$((IP_AVAIL + 1))
 		fi
 	done
-	if [ "$user" = 'admin' ]; then
+	if [ "$user" = "$ROOT_USER" ]; then
 		IP_AVAIL=$(ls $HESTIA/data/ips | wc -l)
 	fi
 

+ 1 - 1
bin/v-update-user-stats

@@ -133,7 +133,7 @@ done
 
 if [ "$update_overall_stats" = 'yes' ]; then
 	# Updating overall stats
-	stats="$HESTIA/data/users/admin/overall_stats.log"
+	stats="$HESTIA/data/users/$ROOT_USER/overall_stats.log"
 
 	s="DATE='$DATE' TIME='$TIME' PACKAGE='default' IP_OWNED='$TOTAL_IP_OWNED'"
 	s="$s DISK_QUOTA='0' U_DISK='$TOTAL_U_DISK' U_DISK_DIRS='$TOTAL_U_DISK_DIRS'"

+ 1 - 1
func/backup.sh

@@ -41,7 +41,7 @@ local_backup() {
 	cd $tmpdir
 	tar -cf $BACKUP/$user.$backup_new_date.tar .
 	chmod 640 $BACKUP/$user.$backup_new_date.tar
-	chown admin:$user $BACKUP/$user.$backup_new_date.tar
+	chown "$ROOT_USER":"$user" $BACKUP/$user.$backup_new_date.tar
 	localbackup='yes'
 	echo -e "$(date "+%F %T") Local: $BACKUP/$user.$backup_new_date.tar" \
 		| tee -a $BACKUP/$user.log

+ 4 - 4
func/db.sh

@@ -72,7 +72,7 @@ mysql_connect() {
 	fi
 	if [ '0' -ne "$?" ]; then
 		if [ "$notify" != 'no' ]; then
-			email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+			email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 			subj="MySQL connection error on $(hostname)"
 			echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" \
 				| $SENDMAIL -s "$subj" $email
@@ -117,7 +117,7 @@ mysql_dump() {
 		if [ '0' -ne "$?" ]; then
 			rm -rf $tmpdir
 			if [ "$notify" != 'no' ]; then
-				email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+				email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 				subj="MySQL error on $(hostname)"
 				echo -e "Can't dump database $database\n$(cat $err)" \
 					| $SENDMAIL -s "$subj" $email
@@ -145,7 +145,7 @@ psql_connect() {
 	psql -h $HOST -U $USER -p $PORT -c "SELECT VERSION()" > /dev/null 2> /tmp/e.psql
 	if [ '0' -ne "$?" ]; then
 		if [ "$notify" != 'no' ]; then
-			email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+			email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 			subj="PostgreSQL connection error on $(hostname)"
 			echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" \
 				| $SENDMAIL -s "$subj" $email
@@ -168,7 +168,7 @@ psql_dump() {
 	if [ '0' -ne "$?" ]; then
 		rm -rf $tmpdir
 		if [ "$notify" != 'no' ]; then
-			email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+			email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 			subj="PostgreSQL error on $(hostname)"
 			echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" \
 				| $SENDMAIL -s "$subj" $email

+ 1 - 1
func/ip.sh

@@ -228,7 +228,7 @@ get_broadcast() {
 get_user_ips() {
 	dedicated=$(grep -H "OWNER='$user'" $HESTIA/data/ips/*)
 	dedicated=$(echo "$dedicated" | cut -f 1 -d : | sed 's=.*/==' | grep -E ${REGEX_IPV4})
-	shared=$(grep -H -A1 "OWNER='admin'" $HESTIA/data/ips/* | grep shared)
+	shared=$(grep -H -A1 "OWNER='$ROOT_USER'" $HESTIA/data/ips/* | grep shared)
 	shared=$(echo "$shared" | cut -f 1 -d : | sed 's=.*/==' | cut -f 1 -d \- | grep -E ${REGEX_IPV4})
 	for dedicated_ip in $dedicated; do
 		shared=$(echo "$shared" | grep -v $dedicated_ip)

+ 8 - 8
func/main.sh

@@ -120,7 +120,7 @@ log_history() {
 
 	# Log system events to system log file
 	if [ "$log_user" = "system" ]; then
-		log=$HESTIA/data/users/admin/system.log
+		log=$HESTIA/log/activity.log
 	else
 		if ! $BIN/v-list-user "$log_user" > /dev/null; then
 			return $E_NOTEXIST
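Review bot: System events now go to `$HESTIA/log/activity.log` rather than a file under the admin user's data directory, and nothing in this hunk creates that file with a defined owner or mode or carries the existing `system.log` entries over. As this is the panel's audit trail, a comment should state who is expected to read it, for example `# root-owned, not readable by panel users`. Whether the upgrade script migrates the old file cannot be seen from here and is worth confirming. log_history continues outside the hunk.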
@@ -208,11 +208,11 @@ is_package_full() {
 # User owner for reseller plugin
 get_user_owner() {
 	if [ -z "$RESELLER_KEY" ]; then
-		owner='admin'
+		owner="$ROOT_USER"
 	else
 		owner=$(grep "^OWNER" $USER_DATA/user.conf | cut -f 2 -d \')
 		if [ -z "$owner" ]; then
-			owner='admin'
+			owner="$ROOT_USER"
 		fi
 	fi
 }
@@ -1352,7 +1352,7 @@ check_access_key_cmd() {
 			if [[ -z "$(echo ",${allowed_commands}," | grep ",${hst_command},")" ]]; then
 				check_result "$E_FORBIDEN" "Key $access_key_id don't have permission to run the command $hst_command"
 			fi
-		elif [[ -z "$PERMISSIONS" && "$USER" != "admin" ]]; then
+		elif [[ -z "$PERMISSIONS" && "$USER" != "$ROOT_USER" ]]; then
 			check_result "$E_FORBIDEN" "Key $access_key_id don't have permission to run the command $hst_command"
 		fi
 		user_arg_position="0"
@@ -1368,11 +1368,11 @@ check_access_key_cmd() {
 			if [[ -z "$(echo ",${allowed_commands}," | grep ",${hst_command},")" ]]; then
 				check_result "$E_FORBIDEN" "Key $access_key_id don't have permission to run the command $hst_command"
 			fi
-		elif [[ -z "$PERMISSIONS" && "$USER" != "admin" ]]; then
+		elif [[ -z "$PERMISSIONS" && "$USER" != "$ROOT_USER" ]]; then
 			check_result "$E_FORBIDEN" "Key $access_key_id don't have permission to run the command $hst_command"
 		fi
 
-		if [[ "$USER" == "admin" ]]; then
+		if [[ "$USER" == "$ROOT_USER" ]]; then
 			# Admin can run commands for any user
 			user_arg_position="0"
 		else
@@ -1610,7 +1610,7 @@ is_key_permissions_format_valid() {
 	local permissions="$1"
 	local user="$2"
 
-	if [[ "$user" != "admin" && -z "$permissions" ]]; then
+	if [[ "$user" != "$ROOT_USER" && -z "$permissions" ]]; then
 		check_result "$E_INVALID" "Non-admin users need a permission list"
 	fi
 
@@ -1624,7 +1624,7 @@ is_key_permissions_format_valid() {
 			fi
 
 			source_conf "$HESTIA/data/api/$permission"
-			if [ "$ROLE" = "admin" ] && [ "$user" != "admin" ]; then
+			if [ "$ROLE" = "admin" ] && [ "$user" != "$ROOT_USER" ]; then
 				check_result "$E_INVALID" "Only the admin can run this API"
 			fi
 			#            elif [[ ! -e "$BIN/$permission" ]]; then

+ 2 - 2
func/rebuild.sh

@@ -78,8 +78,8 @@ rebuild_user_conf() {
 	fi
 
 	# Add membership to hestia-users group to non-admin users
-	if [ "$user" = "admin" ]; then
-		setfacl -m "g:admin:r-x" "$HOMEDIR/$user"
+	if [ "$user" = "$ROOT_USER" ]; then
+		setfacl -m "g:$ROOT_USER:r-x" "$HOMEDIR/$user"
 	else
 		usermod -a -G "hestia-users" "$user"
 		setfacl -m "u:$user:r-x" "$HOMEDIR/$user"

+ 5 - 2
func/remote.sh

@@ -99,8 +99,11 @@ send_ssh_cmd() {
 }
 
 send_scp_file() {
+	if [ -z "$IDENTITY_FILE" ] && [ "$USER" = 'root' ]; then
+		IDENTITY_FILE="/root/.ssh/id_rsa"
+	fi
 	if [ -z "$IDENTITY_FILE" ]; then
-		IDENTITY_FILE="/home/admin/.ssh/id_rsa"
+		IDENTITY_FILE="/home/$USER/.ssh/id_rsa"
 	fi
 	scp -P $PORT -i $IDENTITY_FILE $1 $USER@$HOST:$2 > /dev/null 2>&1
 	if [ "$?" -ne '0' ]; then
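Review bot: The key path is now derived from `$USER`, which on the scp line is also the remote login name (`$USER@$HOST`). The `root` test and the `/home/$USER/.ssh/id_rsa` fallback therefore appear to follow the account on the remote host rather than the local account whose key is read. With a dedicated remote sync account the fallback points at a local home directory that may not exist, and scp then fails with its output discarded. Testing the local identity instead, `[ "$(id -un)" = 'root' ]`, and quoting `"$IDENTITY_FILE"`, `"$1"` and `"$USER@$HOST:$2"` on the scp line would avoid the mix-up. The function continues past the hunk.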
@@ -159,7 +162,7 @@ remote_dns_health_check() {
 				cat $tmpfile
 			else
 				subj="DNS sync failed"
-				email=$($BIN/v-get-user-value admin CONTACT)
+				email=$($BIN/v-get-user-value "$ROOT_USER" CONTACT)
 				cat $tmpfile | $SENDMAIL -s "$subj" $email
 			fi
 

+ 22 - 11
func/syshealth.sh

@@ -534,6 +534,10 @@ function syshealth_repair_system_config() {
 		echo "[ ! ] Adding missing variable to hestia.conf: POLICY_BACKUP_SUSPENDED_USERS ('no')"
 		$BIN/v-change-sys-config-value "POLICY_BACKUP_SUSPENDED_USERS" "no"
 	fi
+	if [[ -z $(check_key_exists 'ROOT_USER') ]]; then
+		echo "[ ! ] Adding missing variable to hestia.conf: ROOT_USER ('admin')"
+		$BIN/v-change-sys-config-value "ROOT_USER" "admin"
+	fi
 
 	touch $HESTIA/conf/hestia.conf.new
 	while IFS='= ' read -r lhs rhs; do
@@ -559,21 +563,28 @@ function syshealth_repair_system_config() {
 		cp $HESTIA/conf/hestia.conf.new $HESTIA/conf/hestia.conf
 		rm $HESTIA/conf/hestia.conf.new
 	fi
+
+	source_conf "$HESTIA/conf/hestia.conf"
 }
 
 # Repair System Cron Jobs
-# Add default cron jobs to "admin" user account's cron tab
+# Add default cron jobs to "hestiaweb" user account's cron tab
 function syshealth_repair_system_cronjobs() {
-	$BIN/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "sudo $BIN/v-update-sys-queue restart" '' 'no'
-	$BIN/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "sudo $BIN/v-update-sys-queue daily" '' 'no'
-	$BIN/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "sudo $BIN/v-update-sys-queue disk" '' 'no'
-	$BIN/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "sudo $BIN/v-update-sys-queue traffic" '' 'no'
-	$BIN/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "sudo $BIN/v-update-sys-queue webstats" '' 'no'
-	$BIN/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "sudo $BIN/v-update-sys-queue backup" '' 'no'
-	$BIN/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "sudo $BIN/v-backup-users" '' 'no'
-	$BIN/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "sudo $BIN/v-update-user-stats" '' 'no'
-	$BIN/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "sudo $BIN/v-update-sys-rrd" '' 'no'
-	$BIN/v-restart-cron
+	min=$(gen_pass '012345' '2')
+	hour=$(gen_pass '1234567' '1')
+	echo "MAILTO=$email" > /var/spool/cron/crontabs/hestiaweb
+	echo "CONTENT_TYPE=\"text/plain; charset=utf-8\"" >> /var/spool/cron/crontabs/hestiaweb
+	echo "*/2 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue restart" >> /var/spool/cron/crontabs/hestiaweb
+	echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue daily" >> /var/spool/cron/crontabs/hestiaweb
+	echo "15 02 * * * sudo /usr/local/hestia/bin/v-update-sys-queue disk" >> /var/spool/cron/crontabs/hestiaweb
+	echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue traffic" >> /var/spool/cron/crontabs/hestiaweb
+	echo "30 03 * * * sudo /usr/local/hestia/bin/v-update-sys-queue webstats" >> /var/spool/cron/crontabs/hestiaweb
+	echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue backup" >> /var/spool/cron/crontabs/hestiaweb
+	echo "10 05 * * * sudo /usr/local/hestia/bin/v-backup-users" >> /var/spool/cron/crontabs/hestiaweb
+	echo "20 00 * * * sudo /usr/local/hestia/bin/v-update-user-stats" >> /var/spool/cron/crontabs/hestiaweb
+	echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-rrd" >> /var/spool/cron/crontabs/hestiaweb
+	echo "$min $hour * * * sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl" >> /var/spool/cron/crontabs/hestiaweb
+	echo "41 4 * * * sudo /usr/local/hestia/bin/v-update-sys-hestia-all" >> /var/spool/cron/crontabs/hestiaweb
 }
 
 # Adapt Port Listing in HESTIA NGINX Backend
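Review bot: `MAILTO=$email` in syshealth_repair_system_cronjobs uses a variable the function never sets, so the value depends on whatever the caller left in `$email`; the installer writes `MAILTO=""` into the same file. The function also truncates `/var/spool/cron/crontabs/hestiaweb` and rebuilds it with a dozen appends, sets no owner or mode, and hard-codes `/usr/local/hestia/bin` where the removed lines used `$BIN`. Every entry runs through sudo, so I would build the file in a temporary location and hand it to `crontab -u hestiaweb`, which installs it with the right permissions and replaces the dropped `v-restart-cron` call. The installer hunks in hst-install-debian.sh repeat the same echo sequence and could share this function.

```shell
function syshealth_repair_system_cronjobs() {
	min=$(gen_pass '012345' '2')
	hour=$(gen_pass '1234567' '1')
	tmp_cron=$(mktemp)
	{
		echo 'MAILTO=""'
		echo 'CONTENT_TYPE="text/plain; charset=utf-8"'
		echo "*/2 * * * * sudo $BIN/v-update-sys-queue restart"
		# … unchanged: remaining schedule entries, with $BIN in place of the literal path …
	} > "$tmp_cron"
	# crontab(1) installs the file with the owner and mode cron expects
	crontab -u hestiaweb "$tmp_cron"
	rm -f "$tmp_cron"
}
```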

+ 12 - 4
func/upgrade.sh

@@ -180,23 +180,31 @@ upgrade_set_branch() {
 }
 
 upgrade_send_notification_to_panel() {
+	# If ROOT_USER is not set fallback to admin
+	if [ -z "$ROOT_USER" ]; then
+		ROOT_USER="admin"
+	fi
 	# Add notification to panel if variable is set to true or is not set
 	if [[ "$new_version" =~ "alpha" ]]; then
 		# Send notifications for development releases
-		$BIN/v-add-user-notification admin 'Development snapshot installed' '<p><span class="u-text-bold">Version:</span> '$new_version'<br><span class="u-text-bold">Code Branch:</span> '$RELEASE_BRANCH'</p><p>Please report any bugs by <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">opening an issue on GitHub</a>, and feel free to share your feedback on our <a href="https://forum.hestiacp.com" target="_blank">discussion forum</a>.</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Development snapshot installed' '<p><span class="u-text-bold">Version:</span> '$new_version'<br><span class="u-text-bold">Code Branch:</span> '$RELEASE_BRANCH'</p><p>Please report any bugs by <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">opening an issue on GitHub</a>, and feel free to share your feedback on our <a href="https://forum.hestiacp.com" target="_blank">discussion forum</a>.</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
 	elif [[ "$new_version" =~ "beta" ]]; then
 		# Send feedback notification for beta releases
-		$BIN/v-add-user-notification admin 'Thank you for testing Hestia Control Panel '$new_version'.' '<p>Please share your feedback with our development team through our <a href="https://forum.hestiacp.com" target="_blank">discussion forum</a>.</p><p>Found a bug? <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">Open an issue on GitHub</a>!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Thank you for testing Hestia Control Panel '$new_version'.' '<p>Please share your feedback with our development team through our <a href="https://forum.hestiacp.com" target="_blank">discussion forum</a>.</p><p>Found a bug? <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">Open an issue on GitHub</a>!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
 	else
 		# Send normal upgrade complete notification for stable releases
-		$BIN/v-add-user-notification admin 'Upgrade complete' '<p>Hestia Control Panel has been updated to <span class="u-text-bold">v'$new_version'</span>.</p><p><a href="https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md" target="_blank">View release notes</a></p><p>Please report any bugs by <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">opening an issue on GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Upgrade complete' '<p>Hestia Control Panel has been updated to <span class="u-text-bold">v'$new_version'</span>.</p><p><a href="https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md" target="_blank">View release notes</a></p><p>Please report any bugs by <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">opening an issue on GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
 	fi
 }
 
 upgrade_send_notification_to_email() {
+	# If ROOT_USER is not set fallback to admin
+	if [ -z "$ROOT_USER" ]; then
+		ROOT_USER="admin"
+	fi
 	if [ "$UPGRADE_SEND_EMAIL" = "true" ]; then
 		# Retrieve admin email address, sendmail path, and message temp file path
-		admin_email=$($BIN/v-list-user admin json | grep "CONTACT" | cut -d'"' -f4)
+		admin_email=$($BIN/v-list-user "$ROOT_USER" json | grep "CONTACT" | cut -d'"' -f4)
 		send_mail="$HESTIA/web/inc/mail-wrapper.php"
 		message_tmp_file="/tmp/hestia-upgrade-complete.txt"
 

+ 4 - 0
install/common/sudo/hestiaweb

@@ -0,0 +1,4 @@
+Defaults:root !requiretty
+
+# sudo is limited to hestia scripts
+hestiaweb   ALL=NOPASSWD:/usr/local/hestia/bin/*
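Review bot: The rule gives the account the panel's PHP runs as passwordless root for every file matching `/usr/local/hestia/bin/*`, with any arguments. The v-* scripts' own argument validation is therefore the only boundary between a web-side compromise and root. The file's comment should say so, e.g. `# hestiaweb runs the panel PHP and its cron jobs; bin/ must stay root-owned and not writable by hestiaweb`, and the installer should enforce that ownership. `Defaults:root !requiretty` is carried over from the old file but does not apply to hestiaweb; if cron or PHP need it, the line would be `Defaults:hestiaweb !requiretty`.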

+ 0 - 71
install/deb/filemanager/install-fm.sh

@@ -1,71 +0,0 @@
-#!/bin/bash
-
-# Checking root permissions
-if [ "x$(id -u)" != 'x0' ]; then
-	echo "Error: Script can be run executed only by root"
-	exit 10
-fi
-
-if [ -z "$HESTIA" ]; then
-	HESTIA="/usr/local/hestia"
-fi
-
-user='admin'
-fm_error='no'
-source $HESTIA/func/main.sh
-source $HESTIA/install/upgrade/upgrade.conf
-
-if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
-	echo "Error: Hestia environment vars not present"
-	exit 2
-fi
-
-FM_INSTALL_DIR="$HESTIA/web/fm"
-
-FM_FILE="filegator_latest"
-FM_URL="https://github.com/filegator/static/raw/master/builds/filegator_latest.zip"
-
-COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
-if [ ! -f "$COMPOSER_BIN" ]; then
-	$BIN/v-add-user-composer "$user"
-	if [ $? -ne 0 ]; then
-		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer from a shell session:<br><code>bash $HESTIA/install/deb/filemanager/install-fm.sh</code></p><p>If this issue continues, please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
-		fm_error='yes'
-	fi
-fi
-
-if [ "$fm_error" != "yes" ]; then
-	rm --recursive --force "$FM_INSTALL_DIR"
-	mkdir -p "$FM_INSTALL_DIR"
-	cd "$FM_INSTALL_DIR"
-
-	[ ! -f "${FM_INSTALL_DIR}/${FM_FILE}" ] && wget "$FM_URL" --quiet -O "${FM_INSTALL_DIR}/${FM_FILE}.zip"
-
-	unzip -qq "${FM_INSTALL_DIR}/${FM_FILE}.zip"
-	mv --force ${FM_INSTALL_DIR}/filegator/* "${FM_INSTALL_DIR}"
-	rm --recursive --force ${FM_INSTALL_DIR}/${FM_FILE}
-	[[ -f "${FM_INSTALL_DIR}/${FM_FILE}" ]] && rm "${FM_INSTALL_DIR}/${FM_FILE}"
-
-	cp --recursive --force ${HESTIA_INSTALL_DIR}/filemanager/filegator/* "${FM_INSTALL_DIR}"
-
-	chown $user: -R "${FM_INSTALL_DIR}"
-
-	# Check if php7.3 is available and run the installer
-	if [ -f "/usr/bin/php7.3" ]; then
-		COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php7.3 $COMPOSER_BIN --quiet --no-dev install
-		if [ $? -ne 0 ]; then
-			$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p>Please try running the installer from a shell session:<br><code>bash $HESTIA/install/deb/filemanager/install-fm.sh</code></p><p>If this issue continues, please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
-			fm_error="yes"
-		fi
-	else
-		$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p class="u-text-bold">Unable to proceed with installation of File Manager.</p><p>Package <span class="u-text-bold">php7.3-cli</span> is missing from your system. Please check your PHP installation and environment settings.</p>'
-		fm_error="yes"
-	fi
-
-	if [ "$fm_error" != "yes" ]; then
-		chown root: -R "${FM_INSTALL_DIR}"
-		chown $user: "${FM_INSTALL_DIR}/private"
-		chown $user: "${FM_INSTALL_DIR}/private/logs"
-		chown $user: "${FM_INSTALL_DIR}/repository"
-	fi
-fi

+ 0 - 10
install/deb/sudo/admin

@@ -1,10 +0,0 @@
-# Created by hestia installer
-Defaults env_keep="VESTA"
-Defaults env_keep+="HESTIA"
-Defaults:admin !syslog
-Defaults:admin !requiretty
-Defaults:root !requiretty
-
-# sudo is limited to hestia scripts
-admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
-admin   ALL=NOPASSWD:/usr/local/hestia/bin/*

+ 86 - 49
install/hst-install-debian.sh

@@ -77,6 +77,7 @@ help() {
   -y, --interactive       Interactive install   [yes|no]  default: yes
   -s, --hostname          Set hostname
   -e, --email             Set admin email
+	-u, --username          Set admin user
   -p, --password          Set admin password
   -D, --with-debs         Path to Hestia debs
   -f, --force             Force installation
@@ -162,6 +163,24 @@ sort_config_file() {
 	cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
 }
 
+# todo add check for usernames that are blocked
+validate_username() {
+	if [[ "$username" =~ ^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$ ]]; then
+		# Username valid
+		return 1
+	else
+		return 0
+	fi
+}
+
+validate_password() {
+	if [ -z "$vpass" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
 # Validate hostname according to RFC1178
 validate_hostname() {
 	# remove extra .
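Review bot: validate_username and validate_password return 1 for valid input and 0 for invalid, the reverse of the shell convention, so the callers further down have to read `while validate_username; do` as "while invalid". Swapping the return values and calling them as `until validate_username; do` and `if ! validate_username; then` would remove that trap for the next editor. The pattern also accepts a trailing `$` (the machine-account form) and does not reject names such as `root` or `hestiaweb`, which the TODO hints at. validate_password only checks for a non-empty string, so its name promises more than it does; a comment such as `# only rejects an empty password` would be honest about that. validate_hostname continues outside the hunk.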
@@ -225,6 +244,7 @@ for arg; do
 		--api) args="${args}-d " ;;
 		--hostname) args="${args}-s " ;;
 		--email) args="${args}-e " ;;
+		--username) args="${args}-u " ;;
 		--password) args="${args}-p " ;;
 		--force) args="${args}-f " ;;
 		--with-debs) args="${args}-D " ;;
@@ -238,7 +258,7 @@ done
 eval set -- "$args"
 
 # Parsing arguments
-while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:W:D:fh" Option; do
+while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:u:e:p:W:D:fh" Option; do
 	case $Option in
 		a) apache=$OPTARG ;;      # Apache
 		w) phpfpm=$OPTARG ;;      # PHP-FPM
@@ -264,6 +284,7 @@ while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:W:D:fh" Option; d
 		y) interactive=$OPTARG ;; # Interactive install
 		s) servername=$OPTARG ;;  # Hostname
 		e) email=$OPTARG ;;       # Admin email
+		u) username=$OPTARG ;;    # Admin username
 		p) vpass=$OPTARG ;;       # Admin password
 		D) withdebs=$OPTARG ;;    # Hestia debs path
 		f) force='yes' ;;         # Force install
@@ -343,12 +364,12 @@ if [ -d "/usr/local/hestia" ]; then
 	check_result 1 "Hestia install detected. Unable to continue"
 fi
 
-# Checking admin user account
-if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then
-	echo 'Please remove admin user account before proceeding.'
+# Checking $username user account
+if [ -n "$(grep ^$username: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then
+	echo "Please remove $username user account before proceeding."
 	echo 'If you want to do it automatically run installer with -f option:'
 	echo -e "Example: bash $0 --force\n"
-	check_result 1 "User admin exists"
+	check_result 1 "User $username exists"
 fi
 
 # Clear the screen once launch permissions have been verified
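Review bot: The existing-account check interpolates `$username` at a point where it may still be empty, because the prompt and validation for it are added further down in this file. In an interactive run without `-u`, `grep ^: /etc/passwd /etc/group` is what executes and the check cannot fire. When the name is given with `-u` it is used here unquoted and before it has been validated. Moving this block below the username validation and using `getent passwd "$username"` and `getent group "$username"` would fix both. The message still recommends `--force`, while the block that deleted the old account under `--force` is removed later in this file, so forcing now skips the check without removing anything.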
@@ -613,6 +634,32 @@ if [ "$interactive" = 'yes' ]; then
 	fi
 fi
 
+#Validate Username / Password / Email / Hostname even when interactive = no
+# Asking for contact email
+if [ -z "$username" ]; then
+	while validate_username; do
+		echo -e "\nPlease use a valid username (ex. user)."
+		read -p 'Please enter administrator username: ' username
+	done
+else
+	if validate_username; then
+		echo "Please use a valid username (ex. user)."
+		exit 1
+	fi
+fi
+
+#Ask for the password
+if [ -z "$vpass" ]; then
+	while validate_password; do
+		read -p 'Please enter administrator password: ' vpass
+	done
+else
+	if validate_password; then
+		echo "Please use a valid password"
+		exit 1
+	fi
+fi
+
 # Validate Email / Hostname even when interactive = no
 # Asking for contact email
 if [ -z "$email" ]; then
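Review bot: The administrator password is read with a plain `read -p`, so it is echoed to the terminal and ends up in any session recording or scrollback; `read -r -s -p 'Please enter administrator password: ' vpass; echo` avoids that. The comment `# Asking for contact email` above the username block was copied from the e-mail section and should read `# Asking for administrator username`. If the installer previously generated a password when none was supplied (the later `$displaypass` output suggests it might), unattended runs without `-p` will now wait on this prompt; that is worth confirming against the code outside this hunk.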
@@ -1060,6 +1107,13 @@ rm -f /usr/sbin/policy-rc.d
 
 echo "[ * ] Configuring system settings..."
 
+# Generate a random password
+random_password=$(gen_pass '32')
+# Create the new hestiaweb user
+/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home
+# do not allow login into hestiaweb user
+echo hestiaweb:$random_password | sudo chpasswd -e
+
 # Enable SFTP subsystem for SSH
 sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
 if [ -n "$sftp_subsys_enabled" ]; then
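Review bot: `chpasswd -e` expects an already-hashed password, so piping the output of `gen_pass` into it stores that random string as the hash. Login ends up blocked only as a side effect, which the comment does not explain. `gen_pass '32'` also looks wrong: the other calls on this page pass a character set first and a length second (`gen_pass '012345' '2'`), so `32` is probably taken as the character set. An explicit lock is clearer and needs no password at all: `/usr/sbin/useradd hestiaweb -c "$email" --no-create-home --shell /usr/sbin/nologin` followed by `passwd -l hestiaweb`. The nologin shell assumes nothing needs an interactive shell for this account.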
@@ -1123,8 +1177,8 @@ fi
 echo "[ * ] Configuring Hestia Control Panel..."
 # Installing sudo configuration
 mkdir -p /etc/sudoers.d
-cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
-chmod 440 /etc/sudoers.d/admin
+cp -f $HESTIA_COMMON_DIR/sudo/hestiaweb /etc/sudoers.d/
+chmod 440 /etc/sudoers.d/hestiaweb
 
 # Add Hestia global config
 if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
@@ -1287,6 +1341,9 @@ write_config_value "RELEASE_BRANCH" "release"
 write_config_value "UPGRADE_SEND_EMAIL" "true"
 write_config_value "UPGRADE_SEND_EMAIL_LOG" "false"
 
+# Set "root" user
+write_config_value "ROOT_USER" "$username"
+
 # Installing hosting packages
 cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/
 
@@ -1380,18 +1437,6 @@ rm /tmp/hst.pem
 # Install dhparam.pem
 cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
 
-# Deleting old admin user
-if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	userdel -f admin > /dev/null 2>&1
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1
-	rm -f /tmp/sess_* > /dev/null 2>&1
-fi
-if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
-	groupdel admin > /dev/null 2>&1
-fi
-
 # Enable sftp jail
 echo "[ * ] Enabling SFTP jail..."
 $HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1
@@ -1399,11 +1444,11 @@ check_result $? "can't enable sftp jail"
 
 # Adding Hestia admin account
 echo "[ * ] Creating default admin account..."
-$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator"
+$HESTIA/bin/v-add-user "$username" "$vpass" "$email" "default" "System Administrator"
 check_result $? "can't create admin user"
-$HESTIA/bin/v-change-user-shell admin nologin
-$HESTIA/bin/v-change-user-role admin admin
-$HESTIA/bin/v-change-user-language admin $lang
+$HESTIA/bin/v-change-user-shell "$username" nologin
+$HESTIA/bin/v-change-user-role "$username" admin
+$HESTIA/bin/v-change-user-language "$username" "$lang"
 $HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes'
 
 #----------------------------------------------------------#
@@ -2203,35 +2248,27 @@ if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then
 fi
 
 # Adding default domain
-$HESTIA/bin/v-add-web-domain admin "$servername" "$ip"
+$HESTIA/bin/v-add-web-domain "$username" "$servername" "$ip"
 check_result $? "can't create $servername domain"
 
 # Adding cron jobs
 export SCHEDULED_RESTART="yes"
-command="sudo $HESTIA/bin/v-update-sys-queue restart"
-$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
-systemctl restart cron
-
-command="sudo $HESTIA/bin/v-update-sys-queue daily"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue disk"
-$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue traffic"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue webstats"
-$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue backup"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-backup-users"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-user-stats"
-$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-rrd"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-letsencrypt-ssl"
+
 min=$(gen_pass '012345' '2')
 hour=$(gen_pass '1234567' '1')
-$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
+echo "MAILTO=\"\"" > /var/spool/cron/crontabs/hestiaweb
+echo "CONTENT_TYPE=\"text/plain; charset=utf-8\"" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/2 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue restart" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue daily" >> /var/spool/cron/crontabs/hestiaweb
+echo "15 02 * * * sudo /usr/local/hestia/bin/v-update-sys-queue disk" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue traffic" >> /var/spool/cron/crontabs/hestiaweb
+echo "30 03 * * * sudo /usr/local/hestia/bin/v-update-sys-queue webstats" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue backup" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 05 * * * sudo /usr/local/hestia/bin/v-backup-users" >> /var/spool/cron/crontabs/hestiaweb
+echo "20 00 * * * sudo /usr/local/hestia/bin/v-update-user-stats" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-rrd" >> /var/spool/cron/crontabs/hestiaweb
+echo "$min $hour * * * sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl" >> /var/spool/cron/crontabs/hestiaweb
+echo "41 4 * * * sudo /usr/local/hestia/bin/v-update-sys-hestia-all" >> /var/spool/cron/crontabs/hestiaweb
 
 # Enable automatic updates
 $HESTIA/bin/v-add-cron-hestia-autoupdate apt
@@ -2261,7 +2298,7 @@ echo
 update-rc.d hestia defaults
 systemctl start hestia
 check_result $? "hestia start failed"
-chown admin:admin $HESTIA/data/sessions
+chown hestiaweb:hestiaweb $HESTIA/data/sessions
 
 # Create backup folder and set correct permission
 mkdir -p /backup/
@@ -2310,7 +2347,7 @@ Ready to get started? Log in using the following credentials:
 if [ "$host_ip" != "$ip" ]; then
 	echo "	Backup URL: https://$ip:$port" >> $tmpfile
 fi
-echo -e -n " 	Username:   admin
+echo -e -n " 	Username:   $username
 	Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
@@ -2345,7 +2382,7 @@ cat $tmpfile
 rm -f $tmpfile
 
 # Add welcome message to notification panel
-$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<p>You are now ready to begin adding <a href="/add/user/">user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, <a href="https://hestiacp.com/docs/" target="_blank">view the documentation</a> or <a href="https://forum.hestiacp.com/" target="_blank">visit our forum</a>.</p><p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">report any issues via GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
+$HESTIA/bin/v-add-user-notification "$username" 'Welcome to Hestia Control Panel!' '<p>You are now ready to begin adding <a href="/add/user/">user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, <a href="https://hestiacp.com/docs/" target="_blank">view the documentation</a> or <a href="https://forum.hestiacp.com/" target="_blank">visit our forum</a>.</p><p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">report any issues via GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
 
 # Clean-up
 # Sort final configuration file

+ 70 - 49
install/hst-install-ubuntu.sh

@@ -77,6 +77,7 @@ help() {
   -y, --interactive       Interactive install   [yes|no]  default: yes
   -s, --hostname          Set hostname
   -e, --email             Set admin email
+	-u, --username          Set admin user
   -p, --password          Set admin password
   -D, --with-debs         Path to Hestia debs
   -f, --force             Force installation
@@ -162,6 +163,24 @@ sort_config_file() {
 	cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
 }
 
+# todo add check for usernames that are blocked
+validate_username() {
+	if [[ "$username" =~ ^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$ ]]; then
+		# Username valid
+		return 1
+	else
+		return 0
+	fi
+}
+
+validate_password() {
+	if [ -z "$vpass" ]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
 # Validate hostname according to RFC1178
 validate_hostname() {
 	# remove extra .
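Review bot: validate_username accepts any name that matches the regex, including `root` and the `hestiaweb` service account this installer creates itself, and the `# todo` above it leaves the blocked-name check unwritten. Because the value later becomes the panel's ROOT_USER, reject reserved names before the regex test, for example `case "$username" in root | hestiaweb) return 0 ;; esac`. Both new functions return 1 for valid input and 0 for invalid, the reverse of the usual shell convention; that matches how `while validate_username; do` calls them, but it deserves a comment such as `# NOTE: returns 0 when the username is INVALID`. validate_password is not called in any hunk shown on this page.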
@@ -225,6 +244,7 @@ for arg; do
 		--api) args="${args}-d " ;;
 		--hostname) args="${args}-s " ;;
 		--email) args="${args}-e " ;;
+		--username) args="${args}-u " ;;
 		--password) args="${args}-p " ;;
 		--force) args="${args}-f " ;;
 		--with-debs) args="${args}-D " ;;
@@ -238,7 +258,7 @@ done
 eval set -- "$args"
 
 # Parsing arguments
-while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:W:D:fh" Option; do
+while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:u:e:p:W:D:fh" Option; do
 	case $Option in
 		a) apache=$OPTARG ;;      # Apache
 		w) phpfpm=$OPTARG ;;      # PHP-FPM
@@ -264,6 +284,7 @@ while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:W:D:fh" Option; d
 		y) interactive=$OPTARG ;; # Interactive install
 		s) servername=$OPTARG ;;  # Hostname
 		e) email=$OPTARG ;;       # Admin email
+		u) username=$OPTARG ;;    # Admin username
 		p) vpass=$OPTARG ;;       # Admin password
 		D) withdebs=$OPTARG ;;    # Hestia debs path
 		f) force='yes' ;;         # Force install
@@ -599,7 +620,20 @@ if [ "$interactive" = 'yes' ]; then
 	fi
 fi
 
-# Validate Email / Hostname even when interactive = no
+#Validate Username / Password / Email / Hostname even when interactive = no
+# Asking for contact email
+if [ -z "$username" ]; then
+	while validate_username; do
+		echo -e "\nPlease use a valid username (ex. user)."
+		read -p 'Please enter administrator username: ' username
+	done
+else
+	if validate_username; then
+		echo "Please use a valid username (ex. user)."
+		exit 1
+	fi
+fi
+
 # Asking for contact email
 if [ -z "$email" ]; then
 	while validate_email; do
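Review bot: The comment `# Asking for contact email` above the new username block is a copy of the one that belongs to the e-mail block below it; it should read `# Asking for administrator username`. This block sits outside the `if [ "$interactive" = 'yes' ]` section, so a run with `--interactive no` and no `-u` still stops at `read -p`. For unattended installs it would be safer to print the error and `exit 1` when `$interactive` is `no` and `$username` is empty.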
@@ -1041,6 +1075,13 @@ rm -f /usr/sbin/policy-rc.d
 
 echo "[ * ] Configuring system settings..."
 
+# Generate a random password
+random_password=$(gen_pass '32')
+# Create the new hestiaweb user
+/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home
+# do not allow login into hestiaweb user
+echo hestiaweb:$random_password | sudo chpasswd -e
+
 # Enable SFTP subsystem for SSH
 sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
 if [ -n "$sftp_subsys_enabled" ]; then
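Review bot: `chpasswd -e` treats its input as an already-hashed password, so `echo hestiaweb:$random_password | sudo chpasswd -e` stores the random string verbatim in the shadow file; password login is blocked only as a side effect of that string not being a valid hash. This account gets a sudoers entry and runs the panel's PHP pool elsewhere in this commit, so lock it explicitly: create it with `/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home --shell /usr/sbin/nologin` and replace the chpasswd line with `usermod -L hestiaweb`. The `sudo` in that pipeline looks redundant, since the `useradd` before it already needs root. The same three lines appear in install/upgrade/versions/1.9.0.sh.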
@@ -1139,8 +1180,8 @@ fi
 echo "[ * ] Configuring Hestia Control Panel..."
 # Installing sudo configuration
 mkdir -p /etc/sudoers.d
-cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
-chmod 440 /etc/sudoers.d/admin
+cp -f $HESTIA_COMMON_DIR/sudo/hestiaweb /etc/sudoers.d/
+chmod 440 /etc/sudoers.d/hestiaweb
 
 # Add Hestia global config
 if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
@@ -1299,6 +1340,9 @@ write_config_value "RELEASE_BRANCH" "release"
 write_config_value "UPGRADE_SEND_EMAIL" "true"
 write_config_value "UPGRADE_SEND_EMAIL_LOG" "false"
 
+# Set "root" user
+write_config_value "ROOT_USER" "$username"
+
 # Installing hosting packages
 cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/
 
@@ -1393,21 +1437,6 @@ rm /tmp/hst.pem
 # Install dhparam.pem
 cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
 
-# Deleting old admin user
-if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	userdel -f admin > /dev/null 2>&1
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1
-	rm -f /tmp/sess_* > /dev/null 2>&1
-fi
-if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
-	groupdel admin > /dev/null 2>&1
-fi
-
-# Remove sudo "default" sudo permission admin user group should not exists any way
-sed -i "s/%admin ALL=(ALL) ALL/#%admin ALL=(ALL) ALL/g" /etc/sudoers
-
 # Enable sftp jail
 echo "[ * ] Enabling SFTP jail..."
 $HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1
@@ -1415,11 +1444,11 @@ check_result $? "can't enable sftp jail"
 
 # Adding Hestia admin account
 echo "[ * ] Creating default admin account..."
-$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator"
+$HESTIA/bin/v-add-user $username $vpass $email "default" "System Administrator"
 check_result $? "can't create admin user"
-$HESTIA/bin/v-change-user-shell admin nologin
-$HESTIA/bin/v-change-user-role admin admin
-$HESTIA/bin/v-change-user-language admin $lang
+$HESTIA/bin/v-change-user-shell $username nologin
+$HESTIA/bin/v-change-user-role $username admin
+$HESTIA/bin/v-change-user-language $username $lang
 $HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes'
 
 #----------------------------------------------------------#
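Review bot: `$username`, `$vpass` and `$email` are passed unquoted in `$HESTIA/bin/v-add-user $username $vpass $email "default" "System Administrator"`, so a password containing whitespace or glob characters is split or expanded before v-add-user receives it. Quote them the way later hunks already quote `"$username"`: `$HESTIA/bin/v-add-user "$username" "$vpass" "$email" "default" "System Administrator"`. The three `v-change-user-*` calls below should quote `"$username"` and `"$lang"` the same way.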
@@ -2178,35 +2207,27 @@ if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then
 fi
 
 # Adding default domain
-$HESTIA/bin/v-add-web-domain admin "$servername" "$ip"
+$HESTIA/bin/v-add-web-domain "$username" "$servername" "$ip"
 check_result $? "can't create $servername domain"
 
 # Adding cron jobs
 export SCHEDULED_RESTART="yes"
-command="sudo $HESTIA/bin/v-update-sys-queue restart"
-$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
-systemctl restart cron
-
-command="sudo $HESTIA/bin/v-update-sys-queue daily"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue disk"
-$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue traffic"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue webstats"
-$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue backup"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-backup-users"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-user-stats"
-$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-rrd"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-letsencrypt-ssl"
+
 min=$(gen_pass '012345' '2')
 hour=$(gen_pass '1234567' '1')
-$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
+echo "MAILTO=\"\"" > /var/spool/cron/crontabs/hestiaweb
+echo "CONTENT_TYPE=\"text/plain; charset=utf-8\"" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/2 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue restart" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue daily" >> /var/spool/cron/crontabs/hestiaweb
+echo "15 02 * * * sudo /usr/local/hestia/bin/v-update-sys-queue disk" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 00 * * * sudo /usr/local/hestia/bin/v-update-sys-queue traffic" >> /var/spool/cron/crontabs/hestiaweb
+echo "30 03 * * * sudo /usr/local/hestia/bin/v-update-sys-queue webstats" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue backup" >> /var/spool/cron/crontabs/hestiaweb
+echo "10 05 * * * sudo /usr/local/hestia/bin/v-backup-users" >> /var/spool/cron/crontabs/hestiaweb
+echo "20 00 * * * sudo /usr/local/hestia/bin/v-update-user-stats" >> /var/spool/cron/crontabs/hestiaweb
+echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-rrd" >> /var/spool/cron/crontabs/hestiaweb
+echo "$min $hour * * * sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl" >> /var/spool/cron/crontabs/hestiaweb
+echo "41 4 * * * sudo /usr/local/hestia/bin/v-update-sys-hestia-all" >> /var/spool/cron/crontabs/hestiaweb
 
 # Enable automatic updates
 $HESTIA/bin/v-add-cron-hestia-autoupdate apt
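Review bot: The hestiaweb crontab is written straight into /var/spool/cron/crontabs by the installer, so the file keeps the installer's ownership and umask-derived mode, and every entry in it runs a `sudo` command. Set ownership and mode explicitly after the last `echo`, for example `chown hestiaweb:crontab /var/spool/cron/crontabs/hestiaweb` and `chmod 600 /var/spool/cron/crontabs/hestiaweb`. Alternatively, write the lines to a temporary file and install it with `crontab -u hestiaweb`. The paths are also hard-coded to /usr/local/hestia where the removed code used `$HESTIA`. The same block is repeated in the Debian installer lines above and, in part, in install/upgrade/versions/1.9.0.sh.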
@@ -2236,7 +2257,7 @@ echo
 update-rc.d hestia defaults
 systemctl start hestia
 check_result $? "hestia start failed"
-chown admin:admin $HESTIA/data/sessions
+chown hestiaweb:hestiaweb $HESTIA/data/sessions
 
 # Create backup folder and set correct permission
 mkdir -p /backup/
@@ -2284,7 +2305,7 @@ Ready to get started? Log in using the following credentials:
 if [ "$host_ip" != "$ip" ]; then
 	echo "	Backup URL: https://$ip:$port" >> $tmpfile
 fi
-echo -e -n " 	Username:   admin
+echo -e -n " 	Username:   $username
 	Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
@@ -2319,7 +2340,7 @@ cat $tmpfile
 rm -f $tmpfile
 
 # Add welcome message to notification panel
-$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<p>You are now ready to begin adding <a href="/add/user/">user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, <a href="https://hestiacp.com/docs/" target="_blank">view the documentation</a> or <a href="https://forum.hestiacp.com/" target="_blank">visit our forum</a>.</p><p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">report any issues via GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
+$HESTIA/bin/v-add-user-notification "$username" 'Welcome to Hestia Control Panel!' '<p>You are now ready to begin adding <a href="/add/user/">user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, <a href="https://hestiacp.com/docs/" target="_blank">view the documentation</a> or <a href="https://forum.hestiacp.com/" target="_blank">visit our forum</a>.</p><p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">report any issues via GitHub</a>.</p><p class="u-text-bold">Have a wonderful day!</p><p><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team</p>'
 
 # Clean-up
 # Sort final configuration file

+ 34 - 0
install/upgrade/versions/1.9.0.sh

@@ -37,3 +37,37 @@ if [ ! -f $apt/nodesource.list ] && [ ! -z $(which "node") ]; then
 	echo "deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x $codename main" >> $apt/nodesource.list
 	curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg > /dev/null 2>&1
 fi
+
+# Check if hestiaweb exists
+if [ -z "$(grep ^hestiaweb: /etc/passwd)" ]; then
+	# Generate a random password
+	random_password=$(generate_password '32')
+	# Create the new hestiaweb user
+	/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home
+	# do not allow login into hestiaweb user
+	echo hestiaweb:$random_password | sudo chpasswd -e
+	cp $HESTIA_COMMON_DIR/sudo/hestiaweb /etc/sudoers.d/
+	# Keep enabled for now
+	# Remove sudo permissions admin user
+	#rm /etc/sudoers.d/admin/
+fi
+
+# Check if cronjobs have been migrated
+if [ ! -f "/var/spool/cron/crontabs/hestiaweb" ]; then
+	echo "MAILTO=\"\"" > /var/spool/cron/crontabs/hestiaweb
+	echo "CONTENT_TYPE=\"text/plain; charset=utf-8\"" >> /var/spool/cron/crontabs/hestiaweb
+	while read line; do
+		parse_object_kv_list "$line"
+		if [ -n "$(echo "$CMD" | grep ^sudo)" ]; then
+			echo "$MIN $HOUR $DAY $MONTH $WDAY $CMD" \
+				| sed -e "s/%quote%/'/g" -e "s/%dots%/:/g" \
+					>> /var/spool/cron/crontabs/hestiaweb
+			$BIN/v-delete-cron-job admin "$JOB"
+		fi
+	done < $HESTIA/data/users/admin/cron.conf
+fi
+
+chown hestiaweb:hestiaweb /usr/local/hestia/data/sessions
+
+$BIN/v-add-user-notification 'admin' 'Hestia securirty has been upgraded' 'Here should come a nice message about the upgrade and how to change the user name of the admin user!'
+add_upgrade_message 'Here should come a nice message about the upgrade and how to change the user name of the admin user!'
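Review bot: The sudoers file is copied with `cp $HESTIA_COMMON_DIR/sudo/hestiaweb /etc/sudoers.d/` but, unlike in the installer, is not followed by `chmod 440 /etc/sudoers.d/hestiaweb`; add that line so upgraded and fresh systems end up with the same permissions. `$email` and the `generate_password` helper are not defined in this hunk (the installer calls `gen_pass`), so confirm both are in scope when the upgrade script runs. The cron migration reads the hard-coded `$HESTIA/data/users/admin/cron.conf` with `while read line`; `while read -r line` avoids backslash mangling in the migrated commands. The notification and upgrade message still carry placeholder text ('Here should come a nice message…') and the typo 'securirty'.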

+ 1 - 1
src/deb/hestia/postinst

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+if [ ! -e "/usr/local/hestia/data/users/" ]; then
 	exit
 fi
 

+ 1 - 1
src/deb/nginx/nginx.conf

@@ -1,5 +1,5 @@
 # Server globals
-user                 admin;
+user                 hestiaweb;
 worker_processes     1;
 worker_rlimit_nofile 65535;
 error_log            /var/log/hestia/nginx-error.log;

+ 1 - 1
src/deb/nginx/postinst

@@ -15,7 +15,7 @@ source /usr/local/hestia/func/syshealth.sh # Load syshealth functions
 syshealth_adapt_hestia_nginx_listen_ports  # Adapt port listing
 
 # Run triggers only on updates
-if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+if [ ! -e "/usr/local/hestia/data/users/" ]; then
 	exit
 fi
 

+ 5 - 6
src/deb/php/php-fpm.conf

@@ -10,11 +10,11 @@ events.mechanism = epoll
 [www]
 listen = /run/hestia-php.sock
 
-user = admin
-group = admin
+user = hestiaweb
+group = hestiaweb
 
-listen.owner = admin
-listen.group = admin
+listen.owner = hestiaweb
+listen.group = hestiaweb
 listen.mode = 0660
 
 pm = ondemand
@@ -28,12 +28,12 @@ env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
 env[HESTIA] = $HESTIA
-env[VESTA] = $HESTIA
 env[LANG] = en_US.UTF-8
 
 php_flag[display_errors] = off
 php_admin_flag[log_errors] = on
 php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[session.use_strict_mode] = on
 php_admin_flag[session.cookie_secure] = on
 php_admin_value[memory_limit] = 256M
 php_admin_value[post_max_size] = 256M
@@ -41,4 +41,3 @@ php_admin_value[upload_max_filesize] = 256M
 php_admin_value[max_execution_time] = 300
 php_admin_value[max_input_time] = 300
 php_admin_value[session.save_path] = /usr/local/hestia/data/sessions
-php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/dev/:/home/:/etc/ssh/:/backup/:/var/tmp/
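Review bot: With the `open_basedir` line removed, the lines of this pool file shown here no longer contain any path restriction, while the pool now runs as `hestiaweb`, an account that receives a sudoers entry elsewhere in this commit. If the restriction had to go because of the user change, record the reason in a comment here. Otherwise keep a restriction adjusted to the new layout, for example `php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/var/tmp/` (a constructed value, to be checked against what the panel actually reads). The src/rpm/php/php-fpm.conf hunks on this page do not show a corresponding removal, so check whether the deb and rpm pools now differ.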

+ 2 - 2
src/deb/php/php.ini

@@ -1383,7 +1383,7 @@ session.save_path = "/tmp"
 ; vulnerability. It is disabled by default for maximum compatibility, but
 ; enabling it is encouraged.
 ; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
+session.use_strict_mode = 1
 
 ; Whether to use cookies.
 ; https://php.net/session.use-cookies
@@ -1401,7 +1401,7 @@ session.use_only_cookies = 1
 
 ; Name of the session (used as cookie name).
 ; https://php.net/session.name
-session.name = PHPSESSID
+session.name = HESTIASID
 
 ; Initialize session on request startup.
 ; https://php.net/session.auto-start

+ 1 - 1
src/deb/php/postinst

@@ -7,7 +7,7 @@ if [ "$1" != "configure" ]; then
 fi
 
 # Run triggers below only on updates
-if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+if [ ! -e "/usr/local/hestia/data/users/" ]; then
 	exit
 fi
 

+ 2 - 2
src/rpm/hestia/hestia.spec

@@ -36,7 +36,7 @@ cp -R %{_builddir}/hestiacp/* %{buildroot}/usr/local/hestia/
 
 %pre
 # Run triggers only on updates
-if [ -e "/usr/local/hestia/data/users/admin" ]; then
+if [ -e "/usr/local/hestia/data/users/" ]; then
     # Validate version number and replace if different
     HESTIA_V=$(rpm --queryformat="%{VERSION}" -q hestia)
     if [ ! "$HESTIA_V" = "%{version}" ]; then
@@ -56,7 +56,7 @@ if [ ! -e /etc/profile.d/hestia.sh ]; then
     source /etc/profile.d/hestia.sh
 fi
 
-if [ -e "/usr/local/hestia/data/users/admin" ]; then
+if [ -e "/usr/local/hestia/data/users/" ]; then
     ###############################################################
     #                Initialize functions/variables               #
     ###############################################################

+ 1 - 1
src/rpm/nginx/nginx.conf

@@ -1,5 +1,5 @@
 # Server globals
-user                 admin;
+user                 hestiaweb;
 worker_processes     1;
 worker_rlimit_nofile 65535;
 error_log            /var/log/hestia/nginx-error.log;

+ 5 - 5
src/rpm/php/php-fpm.conf

@@ -10,11 +10,11 @@ events.mechanism = epoll
 [www]
 listen = /run/hestia-php.sock
 
-user = admin
-group = admin
+user = hestiaweb
+group = hestiaweb
 
-listen.owner = admin
-listen.group = admin
+listen.owner = hestiaweb
+listen.group = hestiaweb
 listen.mode = 0660
 
 pm = ondemand
@@ -28,12 +28,12 @@ env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
 env[HESTIA] = $HESTIA
-env[VESTA] = $HESTIA
 env[LANG] = en_US.UTF-8
 
 php_flag[display_errors] = off
 php_admin_flag[log_errors] = on
 php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[session.use_strict_mode] = on
 php_admin_flag[session.cookie_secure] = on
 php_admin_value[memory_limit] = 256M
 php_admin_value[post_max_size] = 256M

+ 2 - 2
src/rpm/php/php.ini

@@ -1383,7 +1383,7 @@ session.save_path = "/tmp"
 ; vulnerability. It is disabled by default for maximum compatibility, but
 ; enabling it is encouraged.
 ; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
+session.use_strict_mode = 1
 
 ; Whether to use cookies.
 ; https://php.net/session.use-cookies
@@ -1401,7 +1401,7 @@ session.use_only_cookies = 1
 
 ; Name of the session (used as cookie name).
 ; https://php.net/session.name
-session.name = PHPSESSID
+session.name = HESTIASID
 
 ; Initialize session on request startup.
 ; https://php.net/session.auto-start

+ 4 - 1
web/add/access-key/index.php

@@ -11,7 +11,10 @@ $api_status =
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
+if (
+	($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
+	($_SESSION["ROOT_USER"] != "admin" && $api_status < 2)
+) {
 	header("Location: /edit/user/");
 	exit();
 }
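Review bot: The second clause of the new guard tests `$_SESSION["ROOT_USER"] != "admin"` instead of comparing the current user, so it no longer separates the root user from everyone else. Where ROOT_USER is still `admin`, the clause is always false and a non-root user is not redirected when `$api_status` is 1. Where the root user was renamed, the clause also redirects the root user. web/bulk/access-key/index.php and web/delete/access-key/index.php in this commit have the intended form: `($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)`.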

+ 1 - 1
web/add/cron/autoupdate/index.php

@@ -7,7 +7,7 @@ verify_csrf($_GET);
 
 if (
 	($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") ||
-	$_SESSION["user"] == "admin"
+	$_SESSION["user"] == $_SESSION["ROOT_USER"]
 ) {
 	exec(HESTIA_CMD . "v-add-cron-hestia-autoupdate", $output, $return_var);
 	unset($output);

+ 14 - 5
web/api/index.php

@@ -77,7 +77,11 @@ function api_legacy(array $request_data) {
 	//This exists, so native JSON can be used without the repeating the code twice, so future code changes are easier and don't need to be replicated twice
 	// Authentication
 	if (empty($request_data["hash"])) {
-		if ($request_data["user"] != "admin") {
+		exec(HESTIA_CMD . "v-list-sys-config json", $output, $return_var);
+		$data = json_decode(implode("", $output), true);
+		$root_user = $data["config"]["ROOT_USER"];
+
+		if ($request_data["user"] != "$root_user") {
 			api_error(E_FORBIDDEN, "Error: authentication failed", $hst_return);
 		}
 		$password = $request_data["password"];
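Review bot: `$root_user` is used without checking that `v-list-sys-config` succeeded or that the `ROOT_USER` key is present, and the comparison is a loose `!=` against an interpolated string. If the key is missing, `"$root_user"` is an empty string and a request with an empty `user` gets past this check. Fail closed instead: `if (empty($root_user) || $request_data["user"] !== $root_user) {`. api_legacy continues outside this hunk, so what happens to such a request afterwards is not visible here.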
@@ -85,11 +89,12 @@ function api_legacy(array $request_data) {
 			api_error(E_PASSWORD, "Error: authentication failed", $hst_return);
 		}
 		$v_ip = quoteshellarg(get_real_user_ip());
+		$user = quoteshellarg($root_user);
 		unset($output);
-		exec(HESTIA_CMD . "v-get-user-salt admin " . $v_ip . " json", $output, $return_var);
+		exec(HESTIA_CMD . "v-get-user-salt " . $user . " " . $v_ip . " json", $output, $return_var);
 		$pam = json_decode(implode("", $output), true);
-		$salt = $pam["admin"]["SALT"];
-		$method = $pam["admin"]["METHOD"];
+		$salt = $pam[$root_user]["SALT"];
+		$method = $pam[$root_user]["METHOD"];
 
 		if ($method == "md5") {
 			$hash = crypt($password, '$1$' . $salt . '$');
@@ -128,7 +133,11 @@ function api_legacy(array $request_data) {
 		fclose($fp);
 
 		// Check user hash
-		exec(HESTIA_CMD . "v-check-user-hash admin " . $v_hash . " " . $v_ip, $output, $return_var);
+		exec(
+			HESTIA_CMD . "v-check-user-hash " . $user . " " . $v_hash . " " . $v_ip,
+			$output,
+			$return_var,
+		);
 		unset($output);
 
 		// Remove tmp file

+ 4 - 1
web/bulk/access-key/index.php

@@ -18,7 +18,10 @@ $api_status =
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
+if (
+	($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
+	($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)
+) {
 	header("Location: /edit/user/");
 	exit();
 }

+ 4 - 1
web/delete/access-key/index.php

@@ -18,7 +18,10 @@ $api_status =
 	!empty($_SESSION["API_SYSTEM"]) && is_numeric($_SESSION["API_SYSTEM"])
 		? $_SESSION["API_SYSTEM"]
 		: 0;
-if (($user_plain == "admin" && $api_status < 1) || ($user_plain != "admin" && $api_status < 2)) {
+if (
+	($user_plain == $_SESSION["ROOT_USER"] && $api_status < 1) ||
+	($user_plain != $_SESSION["ROOT_USER"] && $api_status < 2)
+) {
 	header("Location: /edit/user/");
 	exit();
 }

+ 1 - 1
web/delete/cron/autoupdate/index.php

@@ -8,7 +8,7 @@ verify_csrf($_GET);
 
 if (
 	($_SESSION["userContext"] === "admin" && $_SESSION["POLICY_SYSTEM_HIDE_SERVICES"] == "no") ||
-	$_SESSION["user"] == "admin"
+	$_SESSION["user"] == $_SESSION["ROOT_USER"]
 ) {
 	exec(HESTIA_CMD . "v-delete-cron-hestia-autoupdate", $output, $return_var);
 	unset($output);

+ 4 - 2
web/edit/user/index.php

@@ -24,11 +24,13 @@ if ($_SESSION["userContext"] === "admin" && !empty($_GET["user"])) {
 
 // Prevent other users with admin privileges from editing properties of default 'admin' user
 if (
-	($_SESSION["userContext"] === "admin" && $_SESSION["look"] != "" && $user == "admin") ||
+	($_SESSION["userContext"] === "admin" &&
+		$_SESSION["look"] != "" &&
+		$user == $_SESSION["ROOT_USER"]) ||
 	($_SESSION["userContext"] === "admin" &&
 		!isset($_SESSION["look"]) &&
 		$user == "admin" &&
-		$_SESSION["user"] != "admin")
+		$_SESSION["user"] != $_SESSION["ROOT_USER"])
 ) {
 	header("Location: /list/user/");
 	exit();
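Review bot: The second branch of the guard still compares `$user == "admin"` while the session side now uses `$_SESSION["ROOT_USER"]`. Where the root user has another name, this branch never matches and another administrator is not sent back to /list/user/. Change that line to `$user == $_SESSION["ROOT_USER"] &&` and update the comment above the `if`, which still refers to the default 'admin' user. The first hunk of web/templates/pages/list_user.php keeps the same leftover literal in `($key === 'admin')`, the test that decides whether the row is hidden under POLICY_SYSTEM_HIDE_ADMIN.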

+ 1 - 0
web/inc/main.php

@@ -109,6 +109,7 @@ if (isset($_SESSION["user"])) {
 	$data = json_decode(implode("", $output), true);
 	unset($output, $return_var);
 	$_SESSION["login_shell"] = $data[$username]["SHELL"];
+	$_SESSION["role"] = $data[$username]["ROLE"];
 	unset($data, $username);
 }
 

+ 4 - 4
web/templates/pages/add_db.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>
@@ -33,19 +33,19 @@
 		<div class="form-container">
 			<h1 class="u-mb20"><?= _("Add Database") ?></h1>
 			<?php show_alert_message($_SESSION); ?>
-			<?php if ($user_plain == "admin" && $accept !== "true") { ?>
+			<?php if ($_SESSION["role"] == "admin" && $accept !== "true") { ?>
 				<div class="alert alert-danger" role="alert">
 					<i class="fas fa-exclamation"></i>
 					<p><?= htmlify_trans(sprintf(_("It is strongly advised to {create a standard user account} before adding %s to the server due to the increased privileges the admin account possesses and potential security risks."), _('a database')), '</a>', '<a href="/add/user/">'); ?></p>
 				</div>
 			<?php } ?>
-			<?php if ($user_plain == "admin" && empty($accept)) { ?>
+			<?php if ($_SESSION["role"] == "admin" && empty($accept)) { ?>
 				<div class="u-side-by-side u-mt20">
 					<a href="/add/user/" class="button u-width-full u-mr10"><?= _("Add User") ?></a>
 					<a href="/add/db/?accept=true" class="button button-danger u-width-full u-ml10"><?= _("Continue") ?></a>
 				</div>
 			<?php } ?>
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<p class="hint u-mb20">
 					<?= sprintf(_("Prefix %s will be automatically added to database name and database user"), "<span class=\"u-text-bold\">" . $user_plain . "_</span>") ?>
 				</p>

+ 4 - 4
web/templates/pages/add_dns.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>
@@ -33,19 +33,19 @@
 		<div class="form-container">
 			<h1 class="u-mb20"><?= _("Add DNS Zone") ?></h1>
 			<?php show_alert_message($_SESSION); ?>
-			<?php if ($user_plain == "admin" && $accept !== "true") { ?>
+			<?php if ($_SESSION["role"] == "admin" && $accept !== "true") { ?>
 				<div class="alert alert-danger" role="alert">
 					<i class="fas fa-exclamation"></i>
 					<p><?= htmlify_trans(sprintf(_("It is strongly advised to {create a standard user account} before adding %s to the server due to the increased privileges the admin account possesses and potential security risks."), _('a dns domain')), '</a>', '<a href="/add/user/">'); ?></p>
 				</div>
 			<?php } ?>
-			<?php if ($user_plain == "admin" && empty($accept)) { ?>
+			<?php if ($_SESSION["role"] == "admin" && empty($accept)) { ?>
 				<div class="u-side-by-side u-mt20">
 					<a href="/add/user/" class="button u-width-full u-mr10"><?= _("Add User") ?></a>
 					<a href="/add/dns/?accept=true" class="button button-danger u-width-full u-ml10"><?= _("Continue") ?></a>
 				</div>
 			<?php } ?>
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<div class="u-mb10">
 					<label for="v_domain" class="form-label"><?= _("Domain") ?></label>
 					<input type="text" class="form-control" name="v_domain" id="v_domain" value="<?= htmlentities(trim($v_domain, "'")) ?>" required>

+ 4 - 4
web/templates/pages/add_mail.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>
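Review bot: This condition mixes the two checks: the first operand was moved to `$_SESSION["role"] == "admin"` but the second is still `$user_plain !== "admin"`. That second test is true for an administrator with any other user name, so the Save button is rendered before the warning has been accepted. Use `$_SESSION["role"] !== "admin"` for the second operand, as the second hunk of this file and add_db.php, add_dns.php and add_web.php do. As far as the template shows this affects presentation only; the form handler is not part of this page.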
@@ -33,19 +33,19 @@
 		<div class="form-container">
 			<h1 class="u-mb20"><?= _("Add Mail Domain") ?></h1>
 			<?php show_alert_message($_SESSION); ?>
-			<?php if ($user_plain == "admin" && $accept !== "true") { ?>
+			<?php if ($_SESSION["role"] == "admin" && $accept !== "true") { ?>
 				<div class="alert alert-danger" role="alert">
 					<i class="fas fa-exclamation"></i>
 					<p><?= htmlify_trans(sprintf(_("It is strongly advised to {create a standard user account} before adding %s to the server due to the increased privileges the admin account possesses and potential security risks."), _('a mail domain')), '</a>', '<a href="/add/user/">'); ?></p>
 				</div>
 			<?php } ?>
-			<?php if ($user_plain == "admin" && empty($accept)) { ?>
+			<?php if ($_SESSION["role"] == "admin" && empty($accept)) { ?>
 				<div class="u-side-by-side u-mt20">
 					<a href="/add/user/" class="button u-width-full u-mr10"><?= _("Add User") ?></a>
 					<a href="/add/mail/?accept=true" class="button button-danger u-width-full u-ml10"><?= _("Continue") ?></a>
 				</div>
 			<?php } ?>
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<div class="u-mb20">
 					<label for="v_domain" class="form-label"><?= _("Domain") ?></label>
 					<input type="text" class="form-control" name="v_domain" id="v_domain" value="<?= htmlentities(trim($v_domain, "'")) ?>" required>

+ 4 - 4
web/templates/pages/add_web.php

@@ -7,7 +7,7 @@
 			</a>
 		</div>
 		<div class="toolbar-buttons">
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<button type="submit" class="button" form="main-form">
 					<i class="fas fa-floppy-disk icon-purple"></i><?= _("Save") ?>
 				</button>
@@ -26,19 +26,19 @@
 		<div class="form-container">
 			<h1 class="u-mb20"><?= _("Add Web Domain") ?></h1>
 			<?php show_alert_message($_SESSION); ?>
-			<?php if ($user_plain == "admin" && $accept !== "true") { ?>
+			<?php if ($_SESSION["role"] == "admin" && $accept !== "true") { ?>
 				<div class="alert alert-danger" role="alert">
 					<i class="fas fa-exclamation"></i>
 					<p><?= htmlify_trans(sprintf(_("It is strongly advised to {create a standard user account} before adding %s to the server due to the increased privileges the admin account possesses and potential security risks."), _('a web domain')), '</a>', '<a href="/add/user/">'); ?></p>
 				</div>
 			<?php } ?>
-			<?php if ($user_plain == "admin" && empty($accept)) { ?>
+			<?php if ($_SESSION["role"] == "admin" && empty($accept)) { ?>
 				<div class="u-side-by-side u-mt20">
 					<a href="/add/user/" class="button u-width-full u-mr10"><?= _("Add User") ?></a>
 					<a href="/add/web/?accept=true" class="button button-danger u-width-full u-ml10"><?= _("Continue") ?></a>
 				</div>
 			<?php } ?>
-			<?php if (($user_plain == "admin" && $accept === "true") || $user_plain !== "admin") { ?>
+			<?php if (($_SESSION["role"] == "admin" && $accept === "true") || $_SESSION["role"] !== "admin") { ?>
 				<div class="u-mb10">
 					<label for="v_domain" class="form-label"><?= _("Domain") ?></label>
 					<input type="text" class="form-control" name="v_domain" id="v_domain" value="<?= htmlentities(trim($v_domain, "'")) ?>" required>

+ 3 - 3
web/templates/pages/list_user.php

@@ -133,7 +133,7 @@
 					$spnd_confirmation = _('Are you sure you want to suspend user %s?');
 				}
 			?>
-			<div class="units-table-row <?php if ($status == 'suspended') echo 'disabled'; ?> js-unit <?php if (($_SESSION['POLICY_SYSTEM_HIDE_ADMIN'] === 'yes') && ($_SESSION['user'] !== 'admin') && ($key === 'admin')) { echo 'u-hidden'; } ?>"
+			<div class="units-table-row <?php if ($status == 'suspended') echo 'disabled'; ?> js-unit <?php if (($_SESSION['POLICY_SYSTEM_HIDE_ADMIN'] === 'yes') && ($_SESSION['user'] !== $_SESSION['ROOT_USER']) && ($key === 'admin')) { echo 'u-hidden'; } ?>"
 				data-sort-date="<?= strtotime($data[$key]['DATE'].' '.$data[$key]['TIME']) ?>"
 				data-sort-name="<?= strtolower($key) ?>"
 				data-sort-package="<?= strtolower($data[$key]['PACKAGE']) ?>"
@@ -186,7 +186,7 @@
 								</a>
 							</li>
 						<?php } ?>
-						<?php if (!($_SESSION["userContext"] === "admin" && $key == "admin" && $_SESSION["user"] != "admin")) { ?>
+						<?php if (!($_SESSION["userContext"] === "admin" && $key == $_SESSION['ROOT_USER'] && $_SESSION["user"] != $_SESSION['ROOT_USER'])) { ?>
 							<li class="units-table-row-action shortcut-enter" data-key-action="href">
 								<a
 									class="units-table-row-action-link"
@@ -198,7 +198,7 @@
 								</a>
 							</li>
 						<?php } ?>
-						<?php if (!($key == "admin" || $key == $user_plain)) { ?>
+						<?php if (!($key == $_SESSION['ROOT_USER'] || $key == $user_plain)) { ?>
 							<li class="units-table-row-action shortcut-s" data-key-action="js">
 								<a
 									class="units-table-row-action-link data-controls js-confirm-action"