How to effectively set user permissions in Gaia OS
Table of Contents:
How to effectively set user permissions in Gaia OS
The Gaia operating system has a granular Role Based Administration (RBA) system.
Each administrator managing the Gaia OS should have his own user account. This user account should be assigned with a Gaia OS role, granting the appropriate permissions to Gaia OS features.
The Gaia pre-defined 'admin' account is assigned with the 'adminRole', which grants full permissions to all features. The 'admin' account should be used by the most privileged administrator since it has ultimate control over the machine.
There are several Gaia OS 'power features', which provide a user (who is permitted to use them via an assigned role) with a privilege level equivalent to that of 'adminRole'.
List of RBA 'power features':
| Feature Name in Gaia Portal |
Feature Name in Clish shell |
Allowed actions |
| Users |
user |
Change default shell to /bin/bash |
| Roles |
rba |
Assign sensitive roles |
| Expert Mode |
expert |
Run the "expert" command |
| Expert Password |
expert-password |
Change the expert password |
| Expert Password Hash |
expert-password-hash |
Replace expert password hash |
| Authentication Servers |
aaa-servers |
Define an external authentication server |
| Job Scheduler |
cron |
Define a scheduled job |
| Extended Commands |
command |
Define a new Clish command |
| Display Configuration |
configuration |
Show, save and load Gaia OS configuration |
| Backup |
backup |
Create a backup and restore from a backup |
| Scheduled Backup |
scheduled_backup |
Define a scheduled backup |
| Snapshot |
snapshot |
Create a full backup (snapshot) and revert to a full backup (snapshot) |
| Manage Images |
manage-image |
Manage full backups (snapshots) - create, revert |
| Installation |
ftw |
Run First Time Configuration Wizard from Gaia Portal |
| System Groups |
group |
Assign users to groups |
| config_system |
ext_config_system |
Run First Time Configuration Wizard from Clish shell |
Setting expert mode access permissions in Gaia OS
To effectively block Expert mode access to a user, create a role, which does not include any of features mentioned above and assign that role to the user.
Documentation
For further information on configuring Users and Roles in Gaia OS, refer to Gaia Administration Guide (R77 , R80.10 , R80.20 , R80.30) - Chapter 'User Management'.
