2.3.5.1 Administer the ADMIN User
By default, each Exascale
cluster contains one superuser account. The user identifier (ID) for the superuser
account is admin
. The admin
user can implicitly
perform any system operation and effectively holds all system privileges.
During system deployment, the admin
user wallet is
created on every storage server at
/opt/oracle/cell/cellsrv/deploy/config/security/admwallet
and
every wallet contains the same system-generated private key.
If you choose to use the admin
user for ongoing system
administration, then you must manage access to the admin
user
wallet.
Alternatively, Oracle recommends the following approach:
-
Use the
admin
user to create your own dedicated Exascale administrator account or accounts. -
Extract the
admin
user private key from the wallet and store it in a secure off-site key store. You can extract the private key from a wallet by using the ESCLI lswallet command. -
Remove all copies of the
admin
user wallet.
By using this approach, you effectively disable the admin
user and
you must recreate the wallet if you require future admin
access.
Parent topic: Administer the Internal User Accounts