Manage User Accounts on NI Linux Real-Time OS Devices

To improve the security and functionality of my Real-Time system, I would like to modify the standard admin user account. Also, I would like to create multiple accounts to meet my particular application's requirements. How do I manage the user accounts for my NI Linux Real-Time OS device? 

Note: This page contains material from the NI Linux RT Security User Guide. For more detailed information, visit the User Guide located here.
 

NI controllers running NI Linux Real-Time feature one default administrator account, the admin account. This factory-standard account allows end-users to easily access their new hardware. However, the default password is blank (an empty character field), potentially allowing un-authorized users to access the device. 

Users can add users, change passwords, and set permissions using the NI Web-based Configuration & Monitoring tool. Neither the useradd or the adduser commands can be used from the terminal line to create new user accounts for a NI Linux Real-Time OS target. However, account passwords can be updated from the Linux shell using the passwd command.
 

Account Creation Using NI Web-based Configuration & Monitoring

To access the appropriate configuration utility to change and modify accounts on your Real-Time target, please complete the following steps:

1. Ensure that NI Web-Based Monitoring and Configuration has been installed on your Real-Time target by checking the software stack in NI Measurement & Automation Explorer (NI MAX).
2. Enter the target's Hostname or IP address into your web browser's address bar.
3. If you do not have Microsoft Silverlight installed on your computer, you will be prompted to do so when the NI Web-Based Monitoring and Configuration page starts to load.
4. Use the instructions outlined here to log in to the configuration page, add accounts, modify permissions, and change the default administrator password.
5. In addition to creating and modifying user accounts, you can create user groups and set group-wide permissions. 

 

Changing Passwords with the Linux Shell

To change the password of an user account from the Linux command line, please complete the following steps:

1. Access your target's Linux shell using either SSH or serial console output.
2. Log in to the device using an account with the appropriate permissions.
3. If you are already logged on with the account that you wish to modify, please skip to step five.
4. Use the su <username> command to change the user account you want to modify.
5. Enter the passwd command.
6. You will be prompted for the current and for the new password.
7. After entering the new password twice, you should receive the message: passwd: password updated successfully

Note: When using the passwd method, the command will not accept empty-field passwords. To set blank passwords, the NI Web-based Monitoring and Configuration page must be used.

 

Native NI Linux Real-Time OS Accounts

From the shell, you can find that the NI Linux Real-Time OS has four native user accounts: admin, lvuser, root, and webserv. You can log in to these user accounts with the following command: su <username>.  Conversely, you can use the exit command to return to the initial user account. These accounts can be very useful when you would like to limit the permissions/access of your newly developed programs.

The native lvuser account is used by LabVIEW Real-Time to deploy and run LabVIEW code on the Linux RT target. As a result, using the NI Web-based Configuration & Monitoring tool to create a new user account called "lvuser" can lead to deployment and run-time errors if newly created lvuser account does not have administrator privileges.  The related links section below contains links to documents which explain some of the run-time errors that may occur in this situation.  It is best practice to ensure that newly created user accounts do not share the same name as any of the native NI Linux Real-Time OS accounts.

Additional Information

The following permissions can be assigned to users or groups: DeployWS, FirmwareUpdate, FSRead, FSWrite, GetDB, GetSystemConfiguration, GetWSAPIKey, ManageExtensions, ManageWS, NIWebCer, Reboot, RemoteShell, SetDB, SetRTLockPassword, SetSystemConfiguration, SetWSAPIKey, SSLAdminModifyCerts, SSLAdminReadCerts, UndeployWS, VariableBrowse, VariableCreateDeleteGroup, VariableRead, VariableReadGroup, ViewConsoleOutput, WIFConfigureAppServer.
 
To view descriptions of these permissions, first login into your device in NI MAX. Then, navigate to Help»Permissions in the NI Web-based Configuration & Monitoring tool.