Manage User Accounts on Linux Real-Time OS Devices

Updated Nov 16, 2018

Reported In

Hardware

  • cRIO-9068

Operating System

  • NI Linux Real-Time

Issue Details

To improve the security and functionality of my Real-Time system, I would like to modify the standard admin user account. Also, I would like to create multiple accounts to meet my particular application's requirements. How do I manage the user accounts for my NI Linux Real-Time OS device? 

Solution

NI controllers running NI Linux Real-Time feature one default administrator account, the admin account. This factory-standard account allows end-users to easily access their new hardware. However, the default password is blank (an empty character field), potentially allowing un-authorized users to access the device. 

Users can add users, change passwords, and set permissions using the NI Web-based Configuration & Monitoring tool. Neither the useradd or the adduser commands can be used from the terminal line to create new user accounts for a NI Linux Real-Time OS target. However, account passwords can be updated from the Linux shell using the passwd command.


Account Creation Using NI Web-based Configuration & Monitoring
To access the appropriate configuration utility to change and modify accounts on your Real-Time target, please complete the following steps:
  1. Ensure that the NI Web-Based Monitoring and Configuration driver has been installed on your Real-Time target.
  2. Enter the target's Hostname or IP address into your web browser's address bar.
  3. If you do not have Microsoft Silverlight installed on your computer, you will be prompted to do so when the NI Web-Based Monitoring and Configuration page starts to load.
  4. Use the instructions outlined in the Monitoring and Configuring a Remote Device from a Web Browser - LabVIEW 2018 Help article to log in to the configuration page, add accounts, modify permissions, and change the default administrator password.
  5. In addition to creating and modifying user accounts, you can create user groups and set group-wide permissions. 

The following permissions can be assigned to users or groups:  DeployWS, FirmwareUpdate, FSRead, FSWrite, GetDB, GetSystemConfiguration, GetWSAPIKey, ManageExtensions, ManageWS, NIWebCer, Reboot, RemoteShell, SetDB, SetRTLockPassword, SetSystemConfiguration, SetWSAPIKey, SSLAdminModifyCerts, SSLAdminReadCerts, UndeployWS, VariableBrowse, VariableCreateDeleteGroup, VariableRead, VariableReadGroup, ViewConsoleOutput, WIFConfigureAppServer.



Changing Passwords with the Linux Shell
To change the password of an user account from the Linux command line, please complete the following steps:
  1. Access your target's Linux shell using either SSH or serial console output.
  2. Log in to the device using an account with the appropriate permissions.
  3. If you are already logged on with the account that you wish to modify, please skip to step five.
  4. Use the su <username> command to change the user account you want to modify.
  5. Enter the passwd command.
  6. You will be prompted for the current and for the new password.
  7. After entering the new password twice, you should receive the message: passwd: password updated successfully

One important caveat with using the passwd method is that the command will not accept empty-field passwords. To set blank passwords, the NI Web-based Monitoring and Configuration page must be used.



Native NI Linux Real-Time OS Accounts
From the shell, you can find that the NI Linux Real-Time OS has four native user accounts: admin, lvuser, root, and webserv. You can log in to these user accounts with the following command: su <username>.  Conversely, you can use the exit command to return to the initial user account. These accounts can be very useful when you would like to limit the permissions/access of your newly developed programs.

The native lvuser account is used by LabVIEW Real-Time to deploy and run LabVIEW code on the Linux RT target. As a result, using the NI Web-based Configuration & Monitoring tool to create a new user account called "lvuser" can lead to deployment and run-time errors if newly created lvuser account does not have administrator privileges.  The related links section below contains links to documents which explain some of the run-time errors that may occur in this situation.  It is best practice to ensure that newly created user accounts do not share the same name as any of the native NI Linux Real-Time OS accounts.

WAS THIS ARTICLE HELPFUL?

Not Helpful