set user

Purpose

Used to:

• Add users for access to a Digi device. The number of users that can be defined varies by Digi device. To determine the number of users allowed for your Digi device, enter set user or show user.
• Associate a user with a group. A user can be associated with up to two groups.
• Disassociate a user from a group.
• Remove users.
• Change user configuration attributes.
• Display user configuration attributes.
• Load an SSH public key, and, for single-user model products, unload a public key.

Required permissions

For Digi products with two or more users, to use this command, permissions must be set to one of the following:

• For a user to display the user settings for the line on which they are logged in: set permissions s-user=r-self.
• For a user to display the user settings for any line: set permissions s‑user=read.
• For a user to display and set the permissions settings for the line on which they are logged in: set permissions s-user=rw-self.
• For a user to display the permissions settings for any line, and set group settings for the line on which the user is logged in: set permissions s‑user=w-self-r.
• For a user to display and set the user settings on any line: set permissions user=rw. When permissions are set to set permissions s‑user=rw, a user cannot set another user’s permission level higher than their own level or raise their own permission level.

See set permissions for details on setting user permissions for commands.

Syntax

Add a user

set user add id=number newname=string

Remove a user

set user remove {id=range|name=string}

Associate a user with a group

set user associate {id=number|name=string} {gid=number|gname=string}

Disassociate a user from a group

set user disassociate {id=number|name=string} {gid=number|gname=string}

Change user configuration attributes

set user [id=range|name=string]
  [newname=string]
  [commandline={on|off}]
  [groupaccess={on|off}]
  [defaultaccess={none|commandline|group}]
  [defaultgroup={none|gid|gname}]

Display user configuration attributes

set user {id=range|name=string}

Display user configuration attributes for all users

set user

Load an SSH public key

set user public_key=tftphost:filename

Remove an SSH public key

set user public_key=clear

Options

add

Add a user. New users are created with the default permissions (see User Models and User Permissions in Digi devices). A maximum of 32 users can be defined.

remove

Remove users.

associate

Associate a user with a group. A user can be associated with a maximum of two groups.

disassociate

Disassociate a user from a group.

id=range

Specifies the ID or range of IDs of the users to be acted on.

name= string

Specifies the name of the user to be acted on.

newname=string

Specifies a new user name.

gid=number

Specifies the identifier for the group being associated with a user. If omitted, the gname option must be specified.

gname=string

Specifies the name of the group being associated with a user. If omitted, the gid option must be specified.

commandline={on|off}

Specifies whether the user is allowed to access the command line of the device.

on

User can access the command line interface.

off

User can not access the command line interface.

The default is on.

groupaccess={on|off}

Specifies whether the user is allowed to use the access rights for any associated groups. This allows a group to define the access rights for users. For instance, if the user has commandline=off and an associated group has commandline=on, the user will have command line access if groupaccess=on.

on

The user can use group access rights.

off

The user cannot use group access rights.

The default is off.

defaultaccess={none|commandline|group}

Specifies the default access method and interface that a user will be given upon logging into the device. Note that the specified interface must be enabled for the user and have a valid menu and/or group if specified.

none

The user has no default access to the device and must explicitly specify the access type. If the user and/or associated group has no access rights then the user is not allowed to access either the command line interface or the custom menu interface.

commandline

The user displays and given access to the command line interface assuming the user and/or associated groups have command line access rights enabled.

group

The user displays the default access interface as specified by the defaultgroup option, assuming the specified group is valid and associated to this user. This allows the default access for a user to be controlled by the associated group.

The default is commandline.

defaultgroup={none|gid|gname}

Specifies the default group to use when checking the default access rights when the defaultaccess option is set to group. The specified group must be valid and associated to the user.

none

The user will not be given any default access.

gid

Group ID. The user will be given the default access method according to the default access of the group with the specified group ID.

gname

Group name. The user will be given the default access method according to the default access of the group with the specified group name.

The default is none.

public_key={tftphost:filename|clear}

Loads or clears an SSH public key used for authentication of this user. The key must be an RSA public key in either OpenSSH or the IETF draft format.

tftphost:filename

Loads an SSH2 public key for use with this user, where:

tftphost

The IP address or DNS name of a host from which the SSH public key will be downloaded to the Digi device using TFTP.

filename

The name of a file on the host that contains the SSH public key. If your host’s implementation requires a complete path to this file, specify the path here as well.

clear

Unloads an SSH public key.

 

Examples

Add a new user

#> set user add newname=jsmith id=4

Remove user 7

#> set user remove id=7

Associate user “johndoe” with the root group

#> set user associate name=johndoe gname=root

Disassociate user 15 from group 2

#> set user disassociate id=15 gid=2

Set a new user name to be entered at login

#> set user id=4 newname=jdoe

Set a user to have default command line interface access

#> set user id=4 commandline=on defaultaccess=commandline

Set a user to use group access rights

#> set user name=johndoe groupaccess=on defaultaccess=group defaultgroup=root

See also

• User Models and User Permissions in Digi devices
• newpass
• revert: The revert auth command reverts the settings configured by set user.
• set group
• set login
• set permissions
• show: The show user command shows the current user settings in a Digi device.