Create admin user: Difference between revisions
| No edit summary | No edit summary | ||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| == Create Admin on Proxmox VE 9 == | |||
| 1.  | === 1. Install <code>sudo</code> (if not present) === | ||
| <syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| apt update && apt install -y sudo | |||
| </syntaxhighlight> | </syntaxhighlight> | ||
| === 2. Create an Administrative User === | |||
| The following script will: | |||
| * Create a new local Linux user (replace <code>asd</code> and password as needed). | |||
| * Add the user to the <code>sudo</code> group. | |||
| * Create an <code>admins</code> group in Proxmox user management. | |||
| * Assign the <code>Administrator</code> role to the group. | |||
| * Add the user to the Proxmox permission system with PAM authentication. | |||
| <syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| USER="asd" | |||
| PASS="asd" | |||
| COMMENT="System Administrator" | |||
| # Create local user if not existing | |||
| if ! id "$USER" &>/dev/null; then | |||
|   useradd -m -s /bin/bash -G sudo "$USER" | |||
|   echo "$USER:$PASS" | chpasswd | |||
| fi | |||
| # Create admin group in Proxmox (ignore error if it exists) | |||
| pveum  | pveum groupadd admins --comment "${COMMENT} group" || true | ||
| # Assign Administrator role to the group (root-level permission) | |||
| pveum acl modify / --group admins --role Administrator | |||
| pveum  | # Add user to Proxmox user database (PAM authentication) | ||
| pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true | |||
| </syntaxhighlight> | </syntaxhighlight> | ||
| === 3. Remove the Created User and Group === | |||
| To cleanly remove the user and associated group from both Linux and Proxmox: | |||
| <syntaxhighlight lang="bash"> | |||
| USER="asd" | |||
| # Remove local Linux user | |||
| pveum user  | deluser --remove-home "$USER" | ||
| # Remove from Proxmox permission system | |||
| pveum user delete "${USER}@pam" || true | |||
| pveum group delete admins || true | |||
| </syntaxhighlight> | </syntaxhighlight> | ||
| === 4. (Optional) Disable Root GUI Access === | |||
| For improved security, it is recommended to disable the default <code>root@pam</code> account GUI access once an administrative user exists: | |||
| <syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 37: | Line 56: | ||
| </syntaxhighlight> | </syntaxhighlight> | ||
| ==== To re-enable root GUI access: ==== | |||
| <syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| pveum user modify root@pam --enable 1 | pveum user modify root@pam --enable 1 | ||
| </syntaxhighlight> | </syntaxhighlight> | ||
| '''Notes:''' | |||
| * Always update default passwords before production use. | |||
| * The <code>admins</code> group will retain <code>Administrator</code> privileges assigned through the ACL. | |||
| * Be sure to have at least one active administrative account before disabling root GUI access. | |||
| * All commands must be executed with root privileges (via shell or sudo). | |||
| [[Category:Proxmox VE]] | |||
Latest revision as of 22:04, 10 October 2025
Create Admin on Proxmox VE 9
1. Install sudo (if not present)
apt update && apt install -y sudo
2. Create an Administrative User
The following script will:
- Create a new local Linux user (replace asdand password as needed).
- Add the user to the sudogroup.
- Create an adminsgroup in Proxmox user management.
- Assign the Administratorrole to the group.
- Add the user to the Proxmox permission system with PAM authentication.
USER="asd"
PASS="asd"
COMMENT="System Administrator"
# Create local user if not existing
if ! id "$USER" &>/dev/null; then
  useradd -m -s /bin/bash -G sudo "$USER"
  echo "$USER:$PASS" | chpasswd
fi
# Create admin group in Proxmox (ignore error if it exists)
pveum groupadd admins --comment "${COMMENT} group" || true
# Assign Administrator role to the group (root-level permission)
pveum acl modify / --group admins --role Administrator
# Add user to Proxmox user database (PAM authentication)
pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true
3. Remove the Created User and Group
To cleanly remove the user and associated group from both Linux and Proxmox:
USER="asd"
# Remove local Linux user
deluser --remove-home "$USER"
# Remove from Proxmox permission system
pveum user delete "${USER}@pam" || true
pveum group delete admins || true
4. (Optional) Disable Root GUI Access
For improved security, it is recommended to disable the default root@pam account GUI access once an administrative user exists:
pveum user modify root@pam --enable 0
To re-enable root GUI access:
pveum user modify root@pam --enable 1
Notes:
- Always update default passwords before production use.
- The adminsgroup will retainAdministratorprivileges assigned through the ACL.
- Be sure to have at least one active administrative account before disabling root GUI access.
- All commands must be executed with root privileges (via shell or sudo).
