1. Security Guide for Oracle Exadata
  2. User Security on Oracle Exadata
  3. Default User Accounts for Oracle Exadata

3.1 Default User Accounts for Oracle Exadata

Several user accounts regularly manage the components of Oracle Exadata.

In addition to the root user, Oracle Exadata Storage Servers have two users, celladmin and cellmonitor. The celladmin user is used to run all services on the cell. The cellmonitor user is used for monitoring purposes. The cellmonitor user cannot run services on the cell. Other Oracle Exadata components have users for the management of the component.

Note:

After Oracle Exadata has been deployed, the installation process disables all root SSH keys and expires all user passwords as a security measure for your system. If you do not want the SSH keys disabled or the passwords expired, advise the installation engineer before the deployment.

Starting with Oracle Exadata System Software release 19.1.0, two new users are created, to improve security of specific actions. The cellofl user runs query offload processes on the storage servers as a non-root user. The exawatch user is responsible for collecting and archiving system statistics on both the database servers and the storage servers.

The following table lists the default users and passwords for the Oracle Exadata components. All default passwords should be changed after installation of Oracle Exadata. Refer to My Oracle Support note 1291766.1 for information about changing the default user accounts passwords.

Table 3-1 Default Oracle Exadata Users and Passwords

Account Default Password Account Type Component(s)

root

welcome1

Operating system user

Oracle Exadata Database Servers

Oracle Exadata Storage Servers

RDMA Network Fabric switches

Database server ILOMs

Oracle Exadata Storage Server ILOMs

RDMA Network Fabric ILOMs

oracle

We1come$

Operating system user

Oracle Exadata Database Servers

grid

Note: This account exists only if role separation is chosen during deployment.

We1come$

Operating system user

Oracle Exadata Database Servers

celladmin

welcome

Note: Commencing with the Oracle Exadata Deployment Assistant (OEDA) November 2019 release, the password of the celladmin user is set to a random string during deployment, which you must change on first use.

Operating system user

Oracle Exadata Storage Servers

CELLDIAG

Welcome12345

Note: The password of the CELLDIAG user is reset to a random password during the "Apply Security Fixes" step of OEDA.

Oracle Exadata System Software user

Oracle Exadata Storage Servers

cellmonitor

welcome

Note: Commencing with the OEDA November 2019 release, the password of the cellmonitor user is set to a random string during deployment, which you must change on first use.

Operating system user

Oracle Exadata Storage Servers

cellofl

Note: This account has no login privileges and exists only in release 19.1.0 and later.

 

Operating system user

Oracle Exadata Storage Servers

dbmadmin

welcome

Note: Commencing with the OEDA November 2019 release, the password of the dbmadmin user is set to a random string during deployment, which you must change on first use.

Operating system user

Oracle Exadata Database Servers

dbmmonitor

welcome

Note: Commencing with the OEDA November 2019 release, the password of the dbmmonitor user is set to a random string during deployment, which you must change on first use.

Operating system user

Oracle Exadata Database Servers

dbmsvc

Note: This account has no login privileges and exists only in release 12.1.2.1.0 and later.

Operating system user

Oracle Exadata Database Servers

exawatch

Note: This account has no login privileges and exists only in release 19.1.0 and later.

 

Operating system user

Oracle Exadata Database Servers

Oracle Exadata Storage Servers

SYS

We1come$

Oracle Database user

Oracle Exadata Database Servers

SYSTEM

We1come$

Oracle Database user

Oracle Exadata Database Servers

Grub boot loader

sos1Exadata

Operating system user

Oracle Exadata Database Servers

Oracle Exadata Storage Servers

nm2user

changeme

Firmware user

InfiniBand Network Fabric switches

ilom-admin

ilom-admin

ILOM user

InfiniBand Network Fabric switches

ilom-operator

ilom-operator

ILOM user

InfiniBand Network Fabric switches

admin

welcome1

Firmware/switch administrator

RoCE Network Fabric switches

admin

welcome1

Note: You should secure the enable mode password and secret values for the admin user.

Firmware user

Ethernet switches

admin

welcome1

Note: The password for the admin user is adm1n if you reset the PDU to factory default settings.

Firmware user

Power distribution units (PDUs)

Keyboard, video, mouse (KVM)

MSUser

Note: Management Server (MS) uses this account to reset the ILOM interface if it stops responding.

Do not modify this account. This account is to be used by MS only.

The MSUser password is not persisted anywhere. Each time MS starts up, it deletes the previous MSUser account and re-creates the account with a randomly generated password.

ILOM user

Database server ILOMs

Oracle Exadata Storage Server ILOMs

LocalMSV3user

Note: Management Server (MS) uses this account for hardware monitoring and failure handling using an automatic ILOM SNMP notification rule.

Do not modify this account or the associated ILOM SNMP notification rule. This account is to be used by MS only.

The LocalMSV3user password is not persisted anywhere. Each time MS starts up, it deletes the previous LocalMSV3user account and re-creates the account with a randomly generated password.

ILOM SNMP version 3 user

Database server ILOMs

Oracle Exadata Storage Server ILOMs

rocedisc

Note: By default, this account is disabled and cannot be used to log in to the RoCE Network Fabric switch.

Do not delete this account. Otherwise, verification of the switch configuration will fail.

  

RoCE Network Fabric switch user

RoCE Network Fabric switches

Related Topics

Parent topic: User Security on Oracle Exadata