Create admin user: Difference between revisions

From Jwiki
No edit summary
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Create Admin on Proxmox VE 9 ==


1. Create user:
=== 1. Install <code>sudo</code> (if not present) ===
 
os level
 
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
useradd -s /bin/bash -m <user>
apt update && apt install -y sudo
</syntaxhighlight>
</syntaxhighlight>


 
=== 2. Create an Administrative User ===
pve level
The following script will:
* Create a new local Linux user (replace <code>asd</code> and password as needed).
* Add the user to the <code>sudo</code> group.
* Create an <code>admins</code> group in Proxmox user management.
* Assign the <code>Administrator</code> role to the group.
* Add the user to the Proxmox permission system with PAM authentication.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
pveum user add <user>@pam
USER="asd"
</syntaxhighlight>
PASS="asd"
COMMENT="System Administrator"


2. Create the group:
# Create local user if not existing
if ! id "$USER" &>/dev/null; then
  useradd -m -s /bin/bash -G sudo "$USER"
  echo "$USER:$PASS" | chpasswd
fi


<syntaxhighlight lang="bash">
# Create admin group in Proxmox (ignore error if it exists)
pveum group add admin -comment "System Administrators"
pveum groupadd admins --comment "${COMMENT} group" || true


# Assign Administrator role to the group (root-level permission)
pveum acl modify / --group admins --role Administrator


pveum acl modify / -group admin -role Administrator
# Add user to Proxmox user database (PAM authentication)
pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true
</syntaxhighlight>
</syntaxhighlight>


=== 3. Remove the Created User and Group ===
To cleanly remove the user and associated group from both Linux and Proxmox:


3. Assign group to user:
<syntaxhighlight lang="bash">
USER="asd"


<syntaxhighlight lang="bash">
# Remove local Linux user
pveum user modify <user>@pam -group admin
deluser --remove-home "$USER"
 
# Remove from Proxmox permission system
pveum user delete "${USER}@pam" || true
pveum group delete admins || true
</syntaxhighlight>
</syntaxhighlight>


3+1. Disable root on gui (optional):
=== 4. (Optional) Disable Root GUI Access ===
For improved security, it is recommended to disable the default <code>root@pam</code> account GUI access once an administrative user exists:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 37: Line 56:
</syntaxhighlight>
</syntaxhighlight>


There are use cases when you need it, to enable
==== To re-enable root GUI access: ====
 
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
pveum user modify root@pam --enable 1
pveum user modify root@pam --enable 1
</syntaxhighlight>
</syntaxhighlight>
'''Notes:'''
* Always update default passwords before production use.
* The <code>admins</code> group will retain <code>Administrator</code> privileges assigned through the ACL.
* Be sure to have at least one active administrative account before disabling root GUI access.
* All commands must be executed with root privileges (via shell or sudo).
[[Category:Proxmox VE]]

Latest revision as of 22:04, 10 October 2025

Create Admin on Proxmox VE 9

1. Install sudo (if not present)

apt update && apt install -y sudo

2. Create an Administrative User

The following script will:

  • Create a new local Linux user (replace asd and password as needed).
  • Add the user to the sudo group.
  • Create an admins group in Proxmox user management.
  • Assign the Administrator role to the group.
  • Add the user to the Proxmox permission system with PAM authentication.
USER="asd"
PASS="asd"
COMMENT="System Administrator"

# Create local user if not existing
if ! id "$USER" &>/dev/null; then
  useradd -m -s /bin/bash -G sudo "$USER"
  echo "$USER:$PASS" | chpasswd
fi

# Create admin group in Proxmox (ignore error if it exists)
pveum groupadd admins --comment "${COMMENT} group" || true

# Assign Administrator role to the group (root-level permission)
pveum acl modify / --group admins --role Administrator

# Add user to Proxmox user database (PAM authentication)
pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true

3. Remove the Created User and Group

To cleanly remove the user and associated group from both Linux and Proxmox:

USER="asd"

# Remove local Linux user
deluser --remove-home "$USER"

# Remove from Proxmox permission system
pveum user delete "${USER}@pam" || true
pveum group delete admins || true

4. (Optional) Disable Root GUI Access

For improved security, it is recommended to disable the default root@pam account GUI access once an administrative user exists:

pveum user modify root@pam --enable 0

To re-enable root GUI access:

pveum user modify root@pam --enable 1

Notes:

  • Always update default passwords before production use.
  • The admins group will retain Administrator privileges assigned through the ACL.
  • Be sure to have at least one active administrative account before disabling root GUI access.
  • All commands must be executed with root privileges (via shell or sudo).