1. Owner's Guide
  2. Security and Maintenance of Recovery Appliance
  3. User Security on Recovery Appliance
  4. RACLI Non-Root User

RACLI Non-Root User

Allows a non-privileged user to execute RACLI commands.

The Recovery Appliance in release 21.1 has become more secure by limiting root access to the Recovery Appliance. It introduces the raadmin group, whose members can execute RACLI commands and thus perform system management that previously required root access.

This change aligns the Recovery Appliance with LDAP and Name Services Requests and improves auditing. At the same time, privileged remote access (root SSH) is removed for better security.

Most Recovery Appliance management tasks can be performed through non-privileged access to RACLI.

Creating an admin_user

Issue the following command from the compute server by providing an appropriate system user name for <user_name>. 

racli add admin_user --user_name=<user_name>

This adds an admin user to the raadmin group. This admin user is created if it is not found in the passwd database. The logic prompts you to enter a user password.

  • racli list admin_user

    Lists all of the users who are in the raadmin group and can execute RACLI commands.

  • racli alter admin_user --user_name=<user_name>

    Changes the password for the provided <user_name>. The logic prompts you to enter a user password.

  • racli remove admin_user --user_name=<user_name>

    Removes the provided <user_name> from the passwd database. The <user_name> has to be a member of the raadmin group.