Skip to main content

Managing Superuser Accounts

Superuser accounts bypass the Key Manager permission system, effectively having full rights under all circumstances. The only exception is that superuser accounts cannot be used to access the Key Manager API.

For security reasons, superuser accounts should only be used for creating the initial Administrator account. Superuser accounts should subsequently be reserved for troubleshooting use only. Regular system administration tasks should be delegated to Administrator accounts instead.

A superuser account with the user name superuser is created during initial Key Manager Server setup.

Superuser accounts can be created and modified using the ssh-mgr-controller utility that is present on all the Key Manager Servers. To create or modify a superuser account:

  1. Log into a Key Manager Server as root.

  2. On the Key Manager Server, run the following command (replace username and password with the user name and password you want to set for the superuser account):

    # /opt/sshmgr/bin/ssh-mgr-controller --admin-account=username \
    --admin-account-password=password --admin-account-superuser=yes

    The command creates a new superuser with the specified user name and password. If an account with the specified user name already exists, that account becomes a superuser account, and the account password is set to the specified password.