Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

delete user Admin or change the role on Nexus 5000 ???

Is it possible to delete user Admin or change the role

I  created a new role with low permission and give it to the Admin user. I  logged in with an other user (network-admin) and tried this.

# no user Admin role network-admin

role cannot be deleted from user

#no user Admin

cannot delete user Admin

Is there any thing I can do, to fix this?

Thanks!

5 REPLIES
New Member

Re: delete user Admin or change the role on Nexus 5000 ???

The syntax to delete the user is:

#config t

#(config) no user admin

That should delete the user 'admin'

regards

Ricky Boyd

New Member

Re: delete user Admin or change the role on Nexus 5000 ???

Oh.. Sorry.. I wrote this both in config mode:

(config)# no user admin
cannot delete user admin

and

Cisco Employee

Re: delete user Admin or change the role on Nexus 5000 ???

System defined roles and usernames can not be deleted in NX-OS. (on N5K/N7K/MDS platforms)

You can assign multiple roles to a user but the role that has higher permissions will overwrite to the other roles.

You may want to define/create new roles and usernames for autherization, you could be also using TACACs/Radius servers for remote aaa.

Let me know if you have further queries.

Thanks.

New Member

Re: delete user Admin or change the role on Nexus 5000 ???

Thanks for answer.

The user "admin" is always there with the permission to do anything, because of his role "network-admin".

If there is  a person who has no permission to go on the nexus cli, but who knows that there is the user "admin", he just have to find out the password.

Then he can do anything, because he is has the network-admin role. And no other role can overwrite this.

In`t this is a security risk?

regards

Re: delete user Admin or change the role on Nexus 5000 ???

Yes but not really:

You can use an access-list where only certain IP addresses will be able to telnet / ssh to the device.

Also by default telnet is disable for security purposes.

7478
Views
0
Helpful
5
Replies
CreatePlease login to create content