Print Download PDF Send Feedback

Previous

Next

Users

Use the Gaia Portal and Gaia Clish to manage user accounts. You can:

These users are created by default and cannot be deleted:

New users have read‑only privileges to the Gaia Portal and the Gaia Clish by default. You must assign one or more roles before they can log in.

Notes:

When you create a user, you can add pre-defined roles (privileges) to the user. For more information, see the Role-Based Administration.

Warning - A user with read and write permission to the Users feature can change the password of another user, or an admin user. Therefore, write permission to the Users feature should be assigned with caution.

Managing User Accounts - Gaia Portal

To see a list of all configured users:

In the navigation tree, click User Management > Users.

You can also see your username in the top right corner of the Gaia Portal.

To add a new user:

  1. In the navigation tree, click User Management > Users.
  2. Click Add.
  3. In the Login Name field, enter the username.

    The valid characters (between 1 and 32 characters) are alphanumeric characters, dash (-), and underscore (_).

  4. In the Password field, enter the the user's password.

    All printable characters are allowed. Length is between 6 and 128 characters.

    Important - Do not use the asterisk (*) character in the password. User with such password will not be able to log in.

  5. In the Confirm Password field, enter the the user's password again.
  6. In the Real Name field, enter the user's real name or other informative text.

    This is an alphanumeric string that can contain spaces. The default is the user's Login Name with capitalized first letter.

  7. In the Home Directory field, enter the user's home directory.

    This is the full Linux path name of a directory, to which the user will log in.

    Must be a subdirectory of /home/ directory.

    If the subdirectory does not already exist, it is created.

  8. In the Shell field, select the user's default login shell:

    Shell

    Description

    /etc/cli.sh

    This is the default option.

    Lets the user work with the full Gaia Clish.

    By default, some basic networking commands (such as ping) are also available. The Extended Commands in the assigned roles makes it possible to add more Linux commands that can be used.

    User can run the expert command to enter the Bash shell (Expert mode).

    /bin/bash

    BASH Linux shell.

    Lets the user work with the Expert mode.

    User can run the clish command to enter the Gaia Clish.

    /bin/csh

    CSH Linux shell.

    User can run the clish command to enter the Gaia Clish.

    /bin/p1shell

    Check Point shell for Multi-Domain Server.

    Lets the administrator user run Multi-Domain Security Management CLI commands in the context of Multi-Domain Server and Domains, without root permissions.

    For more information, see the R80.10 Multi-Domain Security Management Administration Guide.

    /bin/sh

    SH Linux shell.

    User can run the clish command to enter the Gaia Clish.

    /bin/tcsh

    TCSH Linux shell.

    User can run the clish command to enter the Gaia Clish.

    /usr/bin/scponly

    User is not allowed to log in to Gaia.

    User can only connect to Gaia over SCP and transfer files to and from the system. No other commands are permitted.

    /sbin/nologin

    User is not allowed to log in to Gaia.

  9. Select User must change password at next logon, if you wish to force the user to change the configured password during the next login.

    Note -If the user does not log in within the time limit configured in the Gaia Portal > User Management > Password Policy page > Mandatory Password Change section > Lockout users after password expiration > Lockout user after X days, the user may not be able to log in at all.

  10. Optional: In the UID field, enter or select the applicable User ID:
    • 0 for administrator users (this is the default option)
    • between 103 and 65533 for non-administrator users
  11. In the Access Mechanisms section:
    • Select Web to allow this user to access Gaia Portal.
    • Select Clish Access to allow this user to access Gaia Clish.
  12. In the Available Roles list:
    1. Select the roles you wish to assign to this user.

      To select several roles:

      Press and hold the Ctrl key on the keyboard.

      Left-click the applicable roles. The selected roles become highlighted.

    2. Click Add >. The selected roles move to the Assigned Roles list.
  13. Click OK.

To change a user:

  1. In the navigation tree, click User Management > Users.
  2. Select the user.
  3. Click Edit.
  4. In the Real Name field, enter the user's real name or other informative text.
  5. In the Home Directory field, enter the user's home directory.
  6. In the Shell field, select the user's default login shell.
  7. Select User must change password at next logon, if you wish to force the user to change the configured password during the next login.
  8. In the Available Roles list, select the roles you wish to assign to this user and click Add >.
  9. In the Assigned Roles list, select the roles you wish to remove from this user and click Remove >.
  10. Click OK.

Note - For the default users admin and monitor, you can only change the Shell and Roles.

To delete a user:

  1. In the navigation tree, click User Management > Users.
  2. Select the user.
  3. Click Delete.
  4. Click OK to confirm.

Note - You cannot delete the default users admin and monitor.

Managing User Accounts - Gaia Clish

Description

Manage user accounts. You can add users, edit the home directory of the user, edit the default shell for a user, give a password to a user, and give privileges to users.

Note - You can use the add user command to add new users, but you must use the set user <username> password command to set the password and allow the user to log on to the system.

Syntax

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Parameters

Parameter

Description

user <UserName>

Configures unique login username - an alphanumeric string, from 1 to 32 characters long, that can contain dashes (-) and underscores (_), but not spaces.

uid <User ID>

Optional. Configures unique User ID to identify permissions of the user:

  • 0 for administrator users (this is the default option)
  • between 103 and 65533 for non-administrator users

If a value is not specified, a sequential number is assigned automatically.

homedir <Path>

Configures user's home directory. This is the full Linux path name of a directory, to which the user will log in. Must be a subdirectory of /home/ directory.

If the subdirectory does not already exist, it is created.

force-password-change {yes | no}

If you wish to force the user to change the configured password during the next login, set the value to yes.

Note - If the user does not log in within the time limit configured by the set password-controls expiration-lockout-days command, the user may not be able to log in at all.

gid <System Group ID>

Configures System Group ID (0‑65535) for the primary group, to which a user belongs. The default is 100.

You can add the user to several groups. Use the add group and set group commands to manage the groups.

lock-out off

Unlocks the user, if the user was locked-out. The password expiration date is adjusted, if necessary.

newpass <Password>

Configures a new password for the user.

You will not be asked to verify the new password. The password you enter shows on the terminal command line in plain text, and is stored in the command history as plain text.

password

Configures a password for the new user.

The command runs in interactive mode.

You must enter the password twice, to verify it.

The password you enter will not be visible on the terminal command line.

password-hash <Password Hash>

Configures the password using an encrypted representation of the password.

The password is not visible as text on the terminal command line, or in the command history.

Use this option if you want to change passwords using a script. You can generate the hash version of the password using standard Linux hash generating utilities.

realname <Name>

Configures user's description - most commonly user's real name.

This is an alphanumeric string that can contain spaces.

The default is the username with capitalized first letter.

shell <Login Shell>

Configures the user's default login shell.

  • /etc/cli.sh:

    This is the default option.

    Lets the user work with the full Gaia Clish.

    By default, some basic networking commands (such as ping) are also available. The Extended Commands in the assigned roles makes it possible to add more Linux commands that can be used.

    User can run the expert command to enter the Bash shell (Expert mode).

  • /bin/bash:

    BASH Linux shell.

    Lets the user work with the Expert mode.

    User can run the clish command to enter the Gaia Clish.

  • /bin/csh:

    CSH Linux shell.

    Gives the user Expert mode access.

    User can run the clish command to enter the Gaia Clish.

  • /bin/p1shell:

    Check Point shell for Multi-Domain Server.

    Lets the administrator user run Multi-Domain Security Management CLI commands in the context of Multi-Domain Server and Domains, without root permissions.

    For more information, see the R80.10 Multi-Domain Security Management Administration Guide.

  • /bin/sh:

    SH Linux shell.

    Gives the user Expert mode access.

    User can run the clish command to enter the Gaia Clish.

  • /bin/tcsh:

    TCSH Linux shell.

    Gives the user Expert mode access.

    User can run the clish command to enter the Gaia Clish.

  • /usr/bin/scponly:

    User is not allowed to log in to Gaia.

    User can only connect to Gaia over SCP and transfer files to and from the system. No other commands are permitted.

  • /sbin/nologin:

    User is not allowed to log in to Gaia.