Running version 0.17.2 on Zorin EDU 17.2 (Ubuntu 22.04).
When I log out of Super Admin account and then close Kolibri, then I relaunch Kolibri and I am still logged in as the Super Admin. I have tried logging in as student user (and other users), but every time I restart Kolibri, it goes to Channels page with Super Admin logged in. I have restarted the computer/logged in and out of the account, and it still persists.
To be clear, I am using the Flatpak installed version that comes bundled with Zorin EDU. I have used it in the past versions (Kolibri and Zorin) without this issue. This seems new with Zorin 17 or some recent Kolibri version.
If I go to the web interface for Kolibri, I get the expected Sign In page.
The Flatpak version of Kolibri is set up as a GNOME app that authenticates automatically based on the logged-in system user. This is why it is automatically logged into the superuser. It seems like this is not desirable in this case. I’ll check with our colleagues at Endless who maintain the Flatpak application to see if there is any remediation that can be done here.
Hi there! So indeed, the app automatically signs in as a Kolibri user mapped to your desktop account, which is usually a super admin Kolibri user. The same mechanism is how you can sign in as that admin user from the login screen in the app without entering a password. (Behind the scenes, the app negotiates an authentication token with the Kolibri server).
We don’t have a nice GUI way to turn this feature off, but we do have an environment variable for the app. Do you have Flatseal installed? If you do, you can open that, choose Kolibri on the left, then scroll down and add KOLIBRI_APP_AUTOMATIC_LOGIN=0 under the Environment Variables section.
Note: before you set that environment variable, you may need to set a password for your Kolibri super admin user. You’ll lose the ability to log in without one.
Out of curiosity, do you feel the way it is working right now gets in the way of your use case, or are you more curious why it’s happening? I can imagine a fancy “view as user” thing could be useful, but that’s very fancy and conveniently outside of my department :b
Alternatively, maybe the server could disregard authentication tokens for certain configurations. I’m imagining a use case where we have a bunch of users sharing one user account on one computer with the app installed, which is the type of thing I like to throw my hands up in the air and say “give up, it’ll never be secure!”, but if that is a thing people do then we could certainly help them out.
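For anyone rolling the setting above out to several machines, here is a check of the Flatpak override that Flatseal writes. It is an added example, not part of the original posts or of the Kolibri project. The override file paths are the default Flatpak locations and are assumptions, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): check the Flatpak override that Flatseal writes.
# CLI equivalent of the Flatseal step:
#   flatpak override --user --env=KOLIBRI_APP_AUTOMATIC_LOGIN=0 org.learningequality.Kolibri
APP_ID="org.learningequality.Kolibri"
SYSTEM_OVERRIDE="/var/lib/flatpak/overrides/$APP_ID"          # default system path (assumed)
USER_OVERRIDE="$HOME/.local/share/flatpak/overrides/$APP_ID"  # default per-user path (assumed)

# Print the value of a key in the [Environment] group of one override keyfile.
# Returns non-zero if the file is unreadable or the key is absent.
override_env_value() {
    ov_file=$1
    ov_key=$2
    [ -r "$ov_file" ] || return 1
    awk -v key="$ov_key" '
        /^\[/ { in_env = ($0 == "[Environment]"); next }
        in_env {
            eq = index($0, "=")
            if (eq && substr($0, 1, eq - 1) == key) { val = substr($0, eq + 1); found = 1 }
        }
        END { if (found) print val; else exit 1 }
    ' "$ov_file"
}

# Effective value across files listed lowest precedence first (system, then user).
effective_env_value() {
    ev_key=$1
    shift
    ev_result=""
    for ev_file in "$@"; do
        if ev_val=$(override_env_value "$ev_file" "$ev_key"); then
            ev_result=$ev_val
        fi
    done
    printf '%s\n' "$ev_result"
}

# Succeeds only when the effective setting is exactly 0, the value given in the thread.
autologin_disabled() {
    [ "$(effective_env_value KOLIBRI_APP_AUTOMATIC_LOGIN "$@")" = "0" ]
}

if autologin_disabled "$SYSTEM_OVERRIDE" "$USER_OVERRIDE"; then
    echo "$APP_ID: automatic login disabled by override"
else
    echo "$APP_ID: automatic login NOT disabled for this account"
fi
```

Run it as each desktop account that launches the app, because a per-user override takes precedence over the system-wide one.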
Hello Dylan,
This is Jennifer Hardy. I am working with Dow on this problem; can I be added to this thread so that I can reply directly? My user name is Jennifer_Hardy.
Thank you,
Jen
Hi @dylan-m,
This solution worked perfectly for many of our machines, which are laptops (Lenovo P53, Dell 5470, 5490, etc.), but we also have older desktops, Optiplex 3020, that the fix did not work for.
When I set the environment variable, Kolibri flashes/glitches when it loads and it does not stop; I have to close the app. The glitch disappears when I unset the variable.
Thanks, Jen
Thank you for the quick replies. I think we are in a good place for us with setting the environment variable.
A little about our use case…
We provide laptops to schools in rural Malawi. We have been doing it since 2017, which gives you a little context on the environment that we originally built for. So, our original approach was to have each laptop be a standalone system – meaning that all the content needed to be hosted locally on the laptop. This put us down the path of installing Kolibri on all the machines along with about 100GB of Kolibri channels (running in the “student” account). This model works well in a “standalone” world, but clearly has storage/maintenance/security issues that others avoid with a server-client model. We are moving to having simple wireless networks at our partner schools, but this has challenges with requiring consistent power and a level of network comfort that we need to prove out. So, in the meantime, the laptop (and the user account) running the Kolibri server needs different security considerations than you would have in a server-client model. Hence, we cannot gracefully handle when Kolibri starts and automatically makes you the super-admin and starts you at the import/delete channels page.
Sorry for the long reply, but if you were interested in context, there it (somewhat) is.
Thank you! That makes sense now. I hope that environment variable bit will help.
This is a very technical solution so I understand if you all would rather not deal with it, but we have a set of configuration files which make it possible to run Kolibri (from the Kolibri flatpak) as a system service. It was designed with exactly those kinds of shared desktop systems in mind; where we want to use this desktop app, but with the sort of separation you get running the Kolibri server and connecting over a web browser. This way all that Kolibri data is safely stored in a system location, separate from the student user account:
Alas, I don’t think any distro packages eos-kolibri (except Endless OS of course!) but one can sort of read through that and do it by hand if you know your way around systemd and friends, or use the installation instructions (with Meson) at the bottom of the README.
Oh that is strange! I’m not sure what would be causing that, but I’ll keep an eye out for it. Any chance you can attach some logs from one of those affected systems? Maybe just the output you get in the console if you run flatpak run org.learningequality.Kolibri, but I’m definitely curious if it’s glitching out like in the webview, or the whole app.
In the app you can also go to the main menu, open About / Troubleshooting, and there’s a blob of text there which could be useful.