Management & Shell Users
In this section weʼll discuss two main topics:
- How to manage the authentication and authorization settings for Solace management users that can connect to a Solace PubSub+ event broker. The discussion begins in CLI User Access Levels.
- How to securely create and configure Linux shell users. Instructions can be found in Configuring Multiple Linux Shell Users.
Before we get started, it's important to understand the characteristics and scope of the two categories of users weʼll be discussing: Solace Management Users and Linux Shell Users.
Solace Management Users
Solace management users are users that can connect to the event broker to configure, manage and monitor it. There are two types.
- CLI User—A management user that connects to the event broker through the CLI, Broker Manager, or SolAdmin for purposes of configuring, managing, and monitoring. A CLI user can also be a management application that uses Solace Element Management Protocol (SEMP) requests over an HTTP service to manage and monitor the event broker. This user connection uses the Secure Shell (SSH) protocol.
- File Transfer User—A user that can remotely transfer files to and from specific directories on the Solace PubSub+ event broker using Secure File Transfer Protocol (SFTP) or Secure Copy (SCP).
A client user can also monitor an event broker if it is a management application using the SEMP Request Over Message Bus service. However, client users are not discussed in this section. For information on clients and how to configure client authentication for a Solace PubSub+ event broker, refer to Configuring Client Authentication.
Linux Shell Users
This category is composed of users that can log in to an applianceʼs Linux shell. The root user and default support user are in this category and are both built into the appliance. There are three other configurable user groups which were introduced to the appliance in software version 8.2.0 whose use will introduce operational flexibility. For instructions on how to create and configure them, refer to Configuring Multiple Linux Shell Users. Here's a list of the available Linux shell users:
- Root User—A single, built-in user that has root privileges in the applianceʼs Linux shell.
- Sysadmin Users—These are Root-like users who can run all commands in the appliance's Linux shell with root privileges without entering the root password by using
sudo. Sysadmin users can perform any appliance configuration procedure in these documents that note you need root access, or to be the root user, to perform. Sysadmin users are created and configured by the Root user or other Sysadmin users. There are no built-in, pre-configured Sysadmin users.
- Support User (default)—A single, default, built-in Linux user that is allowed to execute a limited set of appliance shell commands and scripts to allow for low-level event broker troubleshooting.
- Support Users (creatable)—These are additional support users that are created and configured by either Root or Sysadmin users. They have the same privileges as the default Support user, and are allowed to execute a limited set of appliance shell commands and scripts.
- Restricted Users—These users have read access to appliance logs, read/write access to files in their home directory, and read access to designated files owned by other users. They can execute shell commands that don’t need root access. Restricted users can be created by Root or Sysadmin users. There are no built-in Restricted users.