Use the Gaia Portal and Gaia Clish to manage user accounts. You can:
These users are created by default and cannot be deleted:
New users have read‑only privileges to the Gaia Portal and the Gaia Clish by default. You must assign one or more roles before they can log in.
Notes:
When you create a user, you can add pre-defined roles (privileges) to the user. For more information, see the Role-Based Administration.
Warning - A user with read and write permission to the Users feature can change the password of another user, or an admin user. Therefore, write permission to the Users feature should be assigned with caution.
To see a list of all configured users:
In the navigation tree, click User Management > Users.
You can also see your username in the top right corner of the Gaia Portal.
To add a new user:
The valid characters (between 1 and 32 characters) are alphanumeric characters, dash (-), and underscore (_).
All printable characters are allowed. Length is between 6 and 128 characters.
Important - Do not use the asterisk (*) character in the password. A user with such a password will not be able to log in.
This is an alphanumeric string that can contain spaces. The default is the user's Login Name with capitalized first letter.
This is the full Linux path name of a directory, to which the user will log in.
Must be a subdirectory of the /home/ directory.
If the subdirectory does not already exist, it is created.
| Shell | Description |
|---|---|
| | This is the default option. Lets the user work with the full Gaia Clish. By default, some basic networking commands (such as User can run the |
| | BASH Linux shell. Lets the user work with the Expert mode. User can run the |
| | CSH Linux shell. User can run the |
| | Check Point shell for Multi-Domain Server. Lets the administrator user run Multi-Domain Security Management CLI commands in the context of Multi-Domain Server and Domains, without root permissions. For more information, see the R80.10 Multi-Domain Security Management Administration Guide. |
| | SH Linux shell. User can run the |
| | TCSH Linux shell. User can run the |
| | User is not allowed to log in to Gaia. User can only connect to Gaia over SCP and transfer files to and from the system. No other commands are permitted. |
| | User is not allowed to log in to Gaia. |
Note - If the user does not log in within the time limit configured in the Gaia Portal > User Management > Password Policy page > Mandatory Password Change section > Lockout users after password expiration > Lockout user after X days, the user may not be able to log in at all.
To select several roles:
Press and hold the Ctrl key on the keyboard.
Left-click the applicable roles. The selected roles become highlighted.
To change a user:
Note - For the default users admin and monitor, you can only change the Shell and Roles.
To delete a user:
Note - You cannot delete the default users admin and monitor.
Description
Manage user accounts. You can add users, edit the home directory of the user, edit the default shell for a user, give a password to a user, and give privileges to users.
Note - You can use the add user command to add new users, but you must use the set user <username> password command to set the password and allow the user to log on to the system.
Syntax
```
add user <UserName> uid <User ID> homedir <Path>
add user <UserName> uid 0 homedir <Path>
set user <UserName>
      force-password-change {yes | no}
      gid <System Group ID>
      homedir <Path>
      lock-out off
      newpass <Password>
      password
      password-hash <Password Hash>
      realname <Name>
      shell <Login Shell>
      uid <User ID>
show users
show user <UserName> [force-password-change] [gid] [homedir] [lock-out] [realname] [shell] [uid]
delete user <User ID>
```
Important - After you add, configure, or delete features, run the save config command to save the settings permanently.
Parameters
| Parameter | Description |
|---|---|
| | Configures unique login username - an alphanumeric string, from 1 to 32 characters long, that can contain dashes (-) and underscores (_), but not spaces. |
| | Optional. Configures unique User ID to identify permissions of the user: If a value is not specified, a sequential number is assigned automatically. |
| | Configures user's home directory. This is the full Linux path name of a directory, to which the user will log in. Must be a subdirectory of If the subdirectory does not already exist, it is created. |
| | If you wish to force the user to change the configured password during the next login, set the value to Note - If the user does not log in within the time limit configured by the |
| | Configures System Group ID ( You can add the user to several groups. Use the |
| | Unlocks the user, if the user was locked-out. The password expiration date is adjusted, if necessary. |
| | Configures a new password for the user. You will not be asked to verify the new password. The password you enter shows on the terminal command line in plain text, and is stored in the command history as plain text. |
| | Configures a password for the new user. The command runs in interactive mode. You must enter the password twice, to verify it. The password you enter will not be visible on the terminal command line. |
| | Configures the password using an encrypted representation of the password. The password is not visible as text on the terminal command line, or in the command history. Use this option if you want to change passwords using a script. You can generate the hash version of the password using standard Linux hash generating utilities. |
| | Configures user's description - most commonly user's real name. This is an alphanumeric string that can contain spaces. The default is the username with capitalized first letter. |
| | Configures the user's default login shell. |
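
The script below is an added example, not Check Point code: it applies the login name, password and home directory rules stated on this page, hashes the password read from stdin, and prints the Clish commands that use password-hash, so the cleartext never reaches the command line or history as it does with newpass. Assumptions: `openssl passwd` is the hash utility, the hash scheme flag (`-1`, `-5` or `-6`) must match what your Gaia version accepts, the home directory is limited to one level under /home/ with a conservative character set, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build Gaia Clish commands for a new account with password-hash.

# Login name rule from this page: 1-32 characters, alphanumeric, dash, underscore.
valid_username() {
  case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -le 32 ]
}

# Password rule from this page: 6-128 printable characters, no asterisk.
valid_password() {
  [ "${#1}" -ge 6 ] && [ "${#1}" -le 128 ] || return 1
  case "$1" in *'*'*|*[![:print:]]*) return 1 ;; esac
}

# Home directory must be a subdirectory of /home/.
# Assumption: one level only, conservative character set, no leading dot.
valid_homedir() {
  case "$1" in /home/*) ;; *) return 1 ;; esac
  sub=${1#/home/}
  case "$sub" in ''|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Reads one password line from stdin and prints its crypt-style hash.
# $1 is the openssl passwd scheme flag (assumption: verify it for your version).
hash_password() {
  IFS= read -r pw || [ -n "$pw" ] || return 1
  valid_password "$pw" || { echo "password violates the stated rules" >&2; return 1; }
  printf '%s\n' "$pw" | openssl passwd "$1" -stdin
}

# Args: login name, uid, home directory, password hash.
# Prints the Clish commands in the order this page requires.
build_clish_commands() {
  valid_username "$1" || { echo "invalid login name" >&2; return 1; }
  case "$2" in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;; esac
  valid_homedir "$3" || { echo "homedir must be under /home/" >&2; return 1; }
  case "$4" in '$'*'$'*) ;; *) echo "expected a crypt-style hash" >&2; return 1 ;; esac
  printf 'add user %s uid %s homedir %s\n' "$1" "$2" "$3"
  printf 'set user %s password-hash %s\n' "$1" "$4"
  printf 'set user %s force-password-change yes\n' "$1"
  printf 'save config\n'
}
```

The new user still has no roles after these commands, so assign roles separately before expecting a successful login.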