Re: delete user Admin or change the role on Nexus 5000 ???

2205_Romy · ‎10-05-2010

Is it possible to delete user Admin or change the role

I created a new role with low permission and give it to the Admin user. I logged in with an other user (network-admin) and tried this.

# no user Admin role network-admin

role cannot be deleted from user

#no user Admin

cannot delete user Admin

Is there any thing I can do, to fix this?

Thanks!

rdboyd · ‎10-05-2010

The syntax to delete the user is:

#config t

#(config) no user admin

That should delete the user 'admin'

regards

Ricky Boyd

2205_Romy · ‎10-06-2010

Oh.. Sorry.. I wrote this both in config mode:

(config)# no user admin
cannot delete user admin

and

Ozden Karakok · ‎10-06-2010

System defined roles and usernames can not be deleted in NX-OS. (on N5K/N7K/MDS platforms)

You can assign multiple roles to a user but the role that has higher permissions will overwrite to the other roles.

You may want to define/create new roles and usernames for autherization, you could be also using TACACs/Radius servers for remote aaa.

Let me know if you have further queries.

Thanks.

2205_Romy · ‎10-07-2010

Thanks for answer.

The user "admin" is always there with the permission to do anything, because of his role "network-admin".

If there is a person who has no permission to go on the nexus cli, but who knows that there is the user "admin", he just have to find out the password.

Then he can do anything, because he is has the network-admin role. And no other role can overwrite this.

In`t this is a security risk?

regards

Lucien Avramov · ‎10-09-2010

Yes but not really:

You can use an access-list where only certain IP addresses will be able to telnet / ssh to the device.

Also by default telnet is disable for security purposes.