Print

Adding a local Linux account for an administrator - sample

About this task

Use this procedure to add a local Linux account for an administrator with the following roles:

The following procedure is a sample scenario that depicts using a limited number of roles. AE Services also provides additional roles. For more information about roles and mapping to Linux groups, see AE Services administrative roles and access privileges (role based access control - RBAC).

In Geo Redundant High Availability configuration, you must create any user on the primary server on the secondary server by using the command line interface.

Procedure

  1. On the AE Services Management Console main menu, select Security > Account Management > Add Login.
  2. On the Add Login page, in the Login ID field, enter a user name.

    A login ID can consist of up to 32 characters. The set of valid characters is: lowercase a through z; uppercase A-Z, the numbers 0 through 9, the dash (-), and the underscore (_).

  3. Click Continue.
  4. On the Add Login page, do the following:
    1. In the Default Login Group field, accept the default users.

      The Default Login Group user maps to the Auditor role. You can have only one group name in the Default Login Group field.

    2. In the Additional Login Groups field, type backuprestore,avayamaint.

      You can have more than one group name in this field. When you enter more than one group name, separate each group name with a comma. Valid group names are:

      • susers

      • securityadmin

      • backuprestore

      • users

      • avayamaint

      • easg

    3. In the Lock this account check box, accept the default (unchecked).
    4. In the Date on which account is disabled field, accept the default (blank) unless this is a temporary account that will be disabled within a specific time frame.
    5. In the Enter Password and Re-enter password fields, type the password based on the password policy.

      The default Linux password policy, which is based on a US standard keyboard and the default password limits for PAM Module Configuration, calls for a minimum of 8 characters, with at least 1 uppercase character, 1 lowercase character, 1 alphanumeric character, and 1 special character. The following characters are not permitted: $ (dollar sign), ’ (apostrophe), " (quotation mark), \ (backslash), the space character, and any ASCII control-character.

    6. On the Force password change on first login dialog box, click No.
    7. In the Maximum number of days a password may be used (PASS_MAX_DAYS) field, accept the default (99999).
    8. In the Minimum number of days allowed between password changes (PASS_MIN_DAYS) field, accept the default (0).
    9. In the Number of days warning given before a password expires (PASS_WARN_AGE) field, accept the default (7).
    10. In the Days after password expired to lock account field, accept the default (0).
  5. Click Add.

    See Results of adding a local Linux account for an administrator - sample to see the access privileges administered for this user (aesadmin3).