The following article provides details on the user types and their roles in IGEL OS. You can configure passwords for the user types to protect your endpoint devices against unwanted changes.
...
Configure the administrator password to create the password protection for theIGEL Setup. You can also configure the setup administrator and the setup user to allow additional access to the IGEL Setup. For more information, see Setup.
| Info |
|---|
The assignment of the administrator password is a prerequisite for all other rights assignments. Even if the administrator wants to leave the administration of the IGEL Setup to the setup administrator, the administrator password must be set. |
| Note |
|---|
If you do not configure any password, the IGEL Setup can be opened without password protection. |
...
- Administrator: If configured, the administrator password protects the following critical actions/areas from unauthorized access:
- IGEL Setup
- Reset to factory defaults boot mode. (For more information, see Boot Menu.)
- Accessing the local terminal as
root. (For more information, see Terminals in IGEL OS.) - Virtual console access. (For more information, see Access Control.)
- sessions, for which Administrator is set under Password protection. (For more information, see Starting Methods for Apps.)
...
- Unlocking the screenlock. (For more information, see Options 2Screenloock/Screensaver Options in IGEL OS12.)
- Secure Shell (SSH). (For more information, see SSH Access in IGEL OS 12.)
- Setup administrator : If configured, the setup administrator can access the following with a password:
- IGEL Setup
- IGEL Setup
- Setup user : If configured, the setup user can access the following with a password:
- IGEL Setup. (Unlike in OS 11, in OS 12 the Setup User can access all parts of Setup.)
sessions, for which Setup user is set under Password protection. (For more information, see Starting Methods for Apps.)
Warning If you configure a Setup user in OS 12, they have effectively the same Setup permissions as the Administrator. This includes running Custom Commands (command execution with privilege escalation).
- User : If configured, the user can access the following with a password:
- the terminal session as
user. (For more information, see Terminals in IGEL OS.) sessions, for which User is set under Password protection. (For more information, see Starting Methods for Apps.)
Info You can also use the User password for starting the screenlock: User Interface > Screenlock / Screensaver > Starting Methods for Session > Password protection. For details, see Screenlock / Screensaver.
However, note the following:
The User is not the same as the local user configured under Security > Logon > Local User. For unlocking the screenlock, the local user password (not the user password) is used. For details, see Local User and Options 2 Screenloock/Screensaver Options in IGEL OS12.
- the terminal session as
- User account for remote access: If configured, the
rusercan access the device via Secure Shell (SSH). (For more information, see SSH Access in IGEL OS 12.)
Administrator
Use password
| Include Page | ||||
|---|---|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
user), the setup user, and the setup administrator. (Default)...
This option is only available if an administrator password is set.
| Include Page | ||||
|---|---|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
...
This option is only available if an administrator password is set.
Setup user password protection is enabled. The password is set by clicking Set password.Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon activated
The setup user cannot access the IGEL Setup. Sessions, for which Setup user is set under Password protection will not have password protection. (Default)Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon deactivated
...
This option is only available if an administrator password is set.
User password protection is enabled. The password is set by clicking Set password.Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon activated
If an administrator password is set, the user (Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon deactivated user) cannot log in to the device via the local terminal. Sessions, for which User is set under Password protection will not have password protection. (Default)
...
User Account for Remote Access
Enable login
The remote user (Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon activated ruser) can log in to the device via SSH. (Default)
Logging in via SSH is not possible.Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon deactivated
For further SSH access settings, see SSH Access in IGEL OS 12.
Use password
A password is needed to log in via SSH. The password is set by clicking Set password.Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon activatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon activated
No password is needed to log in via SSH. (Default)Include Page IGELOS12BSDOCP:_SvIncludePlusContent-_Icon deactivatedIGELOS12BSDOCP: _SvIncludePlusContent-_Icon deactivated
...