user

Access the user-level commands. With the user commands, the HSM Appliance admin can create (add) additional named users and assign them roles of greater or lesser capability on the system. The admin can also lock (disable) or unlock (enable) such accounts, set or reset their passwords, or delete them entirely, as needed.

Users without the "admin" role cannot execute any "user" command, even to change their own password. They should use the my password set command instead.

The current implementation creates named users that are separate from the roles that those users can hold. This allows administrators to assign any of the roles to multiple people and to track in the logs, by name, the actions of each user in a given role. This was not possible previously, when the role was the user and only one of each could exist.

For Luna Appliance Software 7.7.1 and newer, the LunaSH "user" command blocks using the following names as LunaSH users:

>Standard Linux users

>Standard Linux groups

>All the Linux and Luna services, whether active or not.

Attempts to add, change, or delete any such name return messages like the following examples:

>'sshd' is reserved for system use and cannot be added.

>'sshd' is reserved for system use and cannot be deleted.

>'sshd' is reserved for system use and cannot be modified.

Syntax

user

add
delete
disable
enable
list
password
radiusadd
role

| Argument(s) | Shortcut | Description |
|---|---|---|
| add | a | Add LunaSH user. See user add. |
| delete | de | Delete a named LunaSH user. See user delete. |
| disable | di | Disable a LunaSH user (but the user still exists with role(s) assigned). See user disable. |
| enable | e | Enable a locked LunaSH user (with whatever roles are assigned to that user). See user enable. |
| list | l | List the LunaSH user accounts. See user list. |
| password | p | Set User Password. See user password. |
| radiusadd | ra | Add a RADIUS-authenticated user. See user radiusAdd. |
| role | ro | Access the user role commands. See user role. |