Linux User Accounts
A brief description of the system accounts available in a StarlingX system.
- Sysadmin Local Linux Account
This is a local, per-host, sudo-enabled account created automatically when a new host is provisioned. It is used by the primary system administrator for StarlingX, as it has extended privileges.
See The sysadmin Account for more details.
- Local Linux User Accounts
Local Linux user accounts should NOT be created; local accounts are reserved for internal system purposes.
- Local LDAP Linux User Accounts
These are local LDAP accounts that are centrally managed across all hosts in the cluster. They are intended to provide additional admin-level user accounts (in addition to sysadmin) that can SSH to the StarlingX nodes and/or access the Kubernetes cluster.
See Local LDAP Linux User Accounts and Manage Composite Local LDAP Accounts at Scale for more details.
Note
For security reasons, it is recommended that ONLY admin-level users be allowed to SSH to the StarlingX nodes. Non-admin-level users should strictly use remote CLIs or remote web GUIs.
For more information, refer to the following:
- The sysadmin Account
- Local LDAP Linux User Accounts
- Create LDAP Linux Accounts
- Create LDAP Linux Groups
- Delete LDAP Linux Accounts
- Remote Access for Linux Accounts
- Password Recovery for Linux User Accounts
- Local LDAP user password expiry control
- Establish Credentials for Linux User Accounts
  - For StarlingX and Platform OpenStack CLIs from a Local LDAP Linux Account Login
  - For StarlingX, Platform OpenStack and Kubernetes CLIs from the ‘sysadmin’ Linux Account Login
  - For Kubernetes CLI from a Local LDAP Linux Account Login
- Manage Composite Local LDAP Accounts at Scale
- Selectively Disable SSH for Local LDAP and WAD Users
- Add LDAP Users to Linux Groups Using PAM Configuration