USERS Command November 28, 2017

If you are at all concerned about security the USERS command is important! The JNIOR ships with four (4) default user accounts each with an obvious password. Two (2) of those accounts are Administrators. Most customers are not aware of this. We have seen where a customer will change the password for the ‘jnior’ account and think they are good to go. In reality the ‘admin’ account remains active and accessible with the default password. The USERS command is the only way you can see what accounts are active.

The USERS command is part of JANOS and new to the Series 4. While the account situation, as far as having two (2) administrators, is the same with the Series 3 you can only see the active accounts on those older JNIORs by viewing the content of the /etc/passwd file. That file is not present on the Series 4.

Here is a default account status as shipped.

412dmx_r00 /> users
 admin       3  Administrator
 guest       0  Disabled
 jnior       1  Administrator
 user        2  Control, Disabled

412dmx_r00 />

In addition to the two (2) active administrator accounts there are two other account. Not that those are Disabled by default. JANOS allows you to disable an account without deleting it. It was not possible to do that with the Series 3. In that case the ‘user’ and ‘guest’ accounts are active.

The USERS command has no options. It lists each account and the tags associated. There are 3 possible tags:

Administrator

An account tagged as Administrator has full access to the JNIOR. An administrator can access any file regardless of its permissions. An administrator can utilize every command available at the command line and can fully configure the JNIOR. An account with the Administrator tag has access to all of the capability afforded by the Control tag.

Control

An account tagged as Control can manipulate I/O. This includes toggling relays and adjusting external module I/O settings. These users cannot configure the JNIOR and are subject to all file permissions.

Disabled

You cannot log into a Disabled account. The account still exists and can be restored at any point. This tag can be used to temporarily make an account inaccessible.

The account tags can be added or removed using the USERMOD command. Users can be added or removed using the USERADD command or USERDEL command respectively.

By | On November 28, 2017 1:42 pm | No Comments | Categorized in: ,