Versions Compared

Old Version 1

changes.mady.by.user Harald Saller

Saved on

compared with

New Version Current

changes.mady.by.user Harald Saller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Scroll Documents: Update page title prefix

The following article provides details on the user types and their roles in IGEL OS. You can configure passwords for the user types to protect your endpoint devices against unwanted changes. 

...

Menu path:  Security > Password



IGEL Setup Password Protection

Configure the administrator password to create the password protection for theIGEL Setup. You can also configure the setup administrator and the setup user to allow additional access to the IGEL Setup. For more information, see (12.4-en_orig) Setup.

Info

The assignment of the administrator password is a prerequisite for all other rights assignments. Even if the administrator wants to leave the administration of the IGEL Setup to the setup administrator, the administrator password must be set.


Note

If you do not configure any password, the IGEL Setup can be opened without password protection.

User Rights

The user types have the following access rights:

If configured, the administrator can access the following with a password:

  • Setup administrator : If configured, the setup administrator can access the following with a password:
    • IGEL Setup

  • Setup user : If configured, the setup user can access the following with a password:
    • IGEL Setup. (Unlike in OS 11, in OS 12 the Setup User can access all parts of Setup.)

    • sessions, for which Setup user is set under Password protection. (For more information, see (12.4-en_orig) Starting Methods for Apps.)

      Warning

      If you configure a Setup user in OS 12, they have effectively the same Setup permissions as the Administrator. This includes running Custom Commands (command execution with privilege escalation).


  • User : If configured, the user can access the following with a password:
    • the terminal session as user. (For more information, see (12.4-en_orig) Terminals.)

    • sessions, for which User is set under Password protection. (For more information, see (12.4-en_orig) Starting Methods for Apps.)

      Info

      You can also use the  User password for starting the screenlock:  User Interface > Screenlock / Screensaver >   Starting Methods for Session > Password protection. For details, see (12.4-en_orig) Screenlock / Screensaver.


      However, note the following:  

      The  User  is not the same as the local user configured under Security > Logon > Local User. For unlocking the screenlock, the local user password (not the user password) is used. For details, see Local User and (12.4-en_orig) Options 2.



  • User account for remote access: If configured, the ruser can access the device via Secure Shell  (SSH). (For more information, see (12.4-en_orig) SSH Access.)


Administrator

Use password

Administrator password protection is enabled and further user types can be configured. The password is set by clicking  Set password.

...

Note
titleEffects on local terminal access

Setting an administrator password has the following effects on the access to local terminals:

  • For logging in as  root, the administrator password must be entered.
  • Logging in as  user  is no longer possible by default. However, you can allow access for  user   by making the following settings:
    • Enable the registry key  system.security.usershell  (Default: Disabled).
    • Set a user password.

For logging in as  user, the user password will have to be entered.

Setup Administrator

Setup administrator access

...

Click the button to set a new password.

Setup User

Setup user access

This option is only available if an administrator password is set.

...

Click the button to set a new password.

User

Use password

This option is only available if an administrator password is set.

...

Click the button to set a new password.

User Account for Remote Access

Enable login

The remote user (ruser) can log in to the device via SSH. (Default)

...