Management Accounts and Other Accounts
The OceanStor Dorado V6 series storage system defines different management accounts and built-in accounts as well as allocates different configuration and maintenance permissions to these accounts. The following describes usage, and default user names and passwords of different accounts and how to change the passwords of these accounts.
Management Accounts
Table 1-3 lists the management accounts and password policies supported by the storage system.
Account Category |
User Role |
Usage |
Default User Name |
Default Password |
Method for Changing Passwordsa |
---|---|---|---|---|---|
Built-in users of the controller enclosure and disk enclosureb |
Root administrator |
Used to initialize the password of the super administrator when the super administrator forgets its password. (The old password is required when the super administrator wants to set a new password.) The user can only be logged in to using a serial port. |
_super_admin |
Admin@revive |
Run the chgsuperpasswd command. For details about how to change a password, see the advanced O&M command reference. Contact Huawei technical support to obtain related documents. NOTICE:
After changing the password of user _super_admin, you must remember the new password. If not, you cannot perform any operations that require this user right. To retrieve the new password, you need to return the storage device to the factory for handling. |
Super administrator |
Used to transmit files between internal controllers through the SFTP protocol. |
ibc_os_hs |
Storage@21st |
Run the chgibcpasswd command. For details about how to change a password, see the advanced O&M command reference. Contact Huawei technical support to obtain related documents. |
|
Super administrator (A) |
The user has full control over the storage system. It can manage users and initialize the passwords users. |
admin |
Admin@storage |
Method for changing the password:
NOTE:
If the password of super administrator (A) for the storage system is changed, the password of super administrator (B) for the SES system is automatically changed to the same value. |
|
Super administrator (B) |
Used to access the BMC system using a serial port. |
admin |
Admin@storage |
Method for changing the password:
NOTE:
If the password of super administrator (B) for the SES system is changed, the password of super administrator (A) for the storage system is automatically changed to the same value. |
|
a: You are advised to change the default login password immediately after you log in to the storage system for the first time, and to periodically change your login password in the future. This reduces password leakage risks. b: If you clear configurations of the storage system, names and passwords of built-in controller enclosure users are reset to the default ones, except for users who access BMC through serial ports. NOTE:
For details about setting password expiration notification policies, see Configuring a Security Policy for System User. |
Table 1-4 lists the management accounts and password policies supported by the quorum server.
Account Category |
User Role |
Usage |
Default User Name |
Default Password |
Method for Changing Passwordsa |
---|---|---|---|---|---|
Management account of the quorum server |
Quorum server administrator |
Quorum server administrator |
quorumAdmin |
Huawei@SYS3 |
Run the passwd quorumAdmin command. |
Super administrator of the basic Input Output System (BIOS) |
Manages the basic input/output system, and configures and controls underlying hardware. |
N/A |
Admin@9000 |
Refer to (Optional) Quorum Server Passwords and Password Changing Methods (Applicable to TaiShan 200) and (Optional) Quorum Server Passwords and Password Changing Methods (Applicable to 1288H V5). |
|
Super administrator of the Intelligent Baseboard Management Controller (iBMC) |
Has permission to access all iBMC resources and perform all operations. |
Administrator |
Admin@9000 |
Refer to (Optional) Quorum Server Passwords and Password Changing Methods (Applicable to TaiShan 200) and (Optional) Quorum Server Passwords and Password Changing Methods (Applicable to 1288H V5). |
|
Super administrator |
Used to start, stop, and run core processes that require the root permission in the operating system |
root |
Huawei@SYS3 |
Run the passwd root command. |
|
a: To prevent security risks caused by password leakage, you are advised to change the default password immediately after you log in to the quorum server for the first time. NOTE:
|
Built-in Accounts
Apart from management accounts, the storage system has other built-in accounts that can be used to control the system running process. Table 1-5 lists other built-in accounts.
These built-in accounts are only running in the storage system and cannot be used to log in to and access the storage system from an external system.
Module |
Account Name |
Description |
---|---|---|
Array OS |
root |
Used to start, stop, and run core processes that require the root permission in the operating system of the storage system. |
bin |
bin account. |
|
daemon |
A system account used to control background processes. |
|
adm |
adm account. |
|
lp |
Printing service account. |
|
sync |
Synchronization service account. |
|
shutdown |
Shutdown service account. |
|
halt |
Halt service account. |
|
Email service account. |
||
operator |
Operating account. |
|
games |
games account. |
|
ftp |
Used to start, stop, and run daemon processes of the SFTP and FTP services in the operating system of the storage system. |
|
nobody |
An anonymous account. Special permissions are not required when software processes are assigned to the nobody account. |
|
dbus |
System message bus account. |
|
systemd-coredump |
systemd-coredump account. |
|
systemd-network |
systemd Network Management account. systemd-network is a system service for network management. It can be used to detect and configure network devices and create virtual network devices. |
|
systemd-resolve |
Provides the network name resolution service for local applications. |
|
tss |
Account used by the tcsd daemon process. |
|
rpc |
RPC service account. |
|
polkitd |
libvirt virtualization component dependency. |
|
ntp |
NTP service account. |
|
dhcpd |
Used to start, stop, and run the dhcpd daemon process. |
|
nscd |
Used by the daemon process of LDAP cache. |
|
sshd |
Used to start, stop, and run the sshd daemon process. |
|
nslcd |
LDAP client account. |
|
ftp2 |
This account is used to start, stop, and run the second VSFTP service daemon process of the built-in operating system of the storage device. |
|
OceanStorApp_dataUser |
Used to start, stop, and run the processes related to App_data in the built-in operating system of the storage device. |
|
OceanStorDevmUser |
Used to start, stop, and run the processes related to Devm in the built-in operating system of the storage device. |
|
OceanStorSysUser |
Used to start, stop, and run the processes related to Sys in the built-in operating system of the storage device. |
|
OceanStorOAMUser |
Used to start, stop, and run the processes related to OAM in the built-in operating system of the storage device. |
|
OceanStorInfraUser |
Used to start, stop, and run the processes related to Infra in the built-in operating system of the storage device. |
|
OceanStorPangeaUser |
Used to start, stop, and run the processes related to Pangea in the built-in operating system of the storage device. |
|
OceanStorPmsUser |
Used to start, stop, and run the processes related to Pms in the built-in operating system of the storage device. |
|
OceanStorHswUser |
Used to start, stop, and run the processes related to Gs in the built-in operating system of the storage device. |
|
OceanStorFdsaUser |
Used to start, stop, and run the processes related to FDSA in the built-in operating system of the storage device. |
|
OceanStorDhaUser |
Used to start, stop, and run the processes related to BDM in the built-in operating system of the storage device. |
|
OceanStorMgrUser |
Used to start, stop, and run the processes related to OAM in the built-in operating system of the storage device. |
|
OceanStorPCIEUser |
Used to start, stop, and run the processes related to Pangea in the built-in operating system of the storage device. |
|
OceanStorCommonUser |
Used to start, stop, and run the processes related to Common in the built-in operating system of the storage device. |
|
systemd-timesync |
systemd-timesync service account. |
|
unbound |
Domain name resolution service account. |
|
sysmonitoralarm |
Monitoring and alarm service account. |
|
Array BMC |
root |
Used to start, stop, and run core processes that require the root permission in the operating system of the storage system. The system has prohibited the account's login attempts. |
ftp |
Used to start, stop, and run daemon processes of the SFTP and FTP services in the operating system of the storage system. |
|
nobody |
An anonymous account. Special permissions are not required when software processes are assigned to the nobody account. |
|
sshd |
Used to start, stop, and run the sshd daemon process. |
|
telnetd |
Telnetd account. The account does not provide any services. |
|
admin |
Default login account. |
Apart from management accounts, the quorum server has other built-in accounts that can be used to control the system running process. Table 1-6 lists other built-in accounts.
Module |
Account Name |
Description |
---|---|---|
OS |
nobody |
An anonymous account. Special permissions are not required when software processes are assigned to the nobody account. |
news |
Used by news servers and other related programs. |
|
daemon |
A system account used to control background processes. |
|
sshd |
Used to start, stop, and run the sshd daemon process. |
|
messagebus |
Used to transmit messages among system processes. |
|
postfix |
Used to start, stop, and run the postfix daemon process. |
|
dnsmasq |
Account used by the DNS service. |
|
polkituser |
PolicyKit account. |
|
haldaemon |
Used to monitor hardware state changes. |
|
qemu |
Used to simulate I/O operations in the virtualization process. |
|
pulse |
PulseAudio account. |
|
gdm |
Gnome account. |