Create admin user: Difference between revisions

Revision as of 22:02, 10 October 2025

Install `sudo` on Proxmox VE 9

1. Install `sudo` (if not present)

apt update && apt install -y sudo

2. Create an Administrative User

The following script will:

Create a new local Linux user (replace asd and password as needed).
Add the user to the sudo group.
Create an admins group in Proxmox user management.
Assign the Administrator role to the group.
Add the user to the Proxmox permission system with PAM authentication.

USER="asd"
PASS="asd"
COMMENT="System Administrator"

# Create local user if not existing
if ! id "$USER" &>/dev/null; then
  useradd -m -s /bin/bash -G sudo "$USER"
  echo "$USER:$PASS" | chpasswd
fi

# Create admin group in Proxmox (ignore error if it exists)
pveum groupadd admins --comment "${COMMENT} group" || true

# Assign Administrator role to the group (root-level permission)
pveum acl modify / --group admins --role Administrator

# Add user to Proxmox user database (PAM authentication)
pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true

3. Remove the Created User and Group

To cleanly remove the user and associated group from both Linux and Proxmox:

USER="asd"

# Remove local Linux user
deluser --remove-home "$USER"

# Remove from Proxmox permission system
pveum user delete "${USER}@pam" || true
pveum group delete admins || true

4. (Optional) Disable Root GUI Access

For improved security, it is recommended to disable the default root@pam account GUI access once an administrative user exists:

pveum user modify root@pam --enable 0

To re-enable root GUI access:

pveum user modify root@pam --enable 1

Notes:

Always update default passwords before production use.
The admins group will retain Administrator privileges assigned through the ACL.
Be sure to have at least one active administrative account before disabling root GUI access.
All commands must be executed with root privileges (via shell or sudo).

@@ Line 1: / Line 1: @@
-== Install <code>sudo</code> on Proxmox ==
+== Install <code>sudo</code> on Proxmox VE 9 ==
 === 1. Install <code>sudo</code> (if not present) ===
 <syntaxhighlight lang="bash">
-apt update && apt install sudo
+apt update && apt install -y sudo
 </syntaxhighlight>
 === 2. Create an Administrative User ===
-The script below will:
+The following script will:
-* Create a new user (replace <code>asd</code> and password as needed).
+* Create a new local Linux user (replace <code>asd</code> and password as needed).
 * Add the user to the <code>sudo</code> group.
-* Create an admin group in Proxmox's user management.
+* Create an <code>admins</code> group in Proxmox user management.
-* Assign the <code>Administrator</code> role.
+* Assign the <code>Administrator</code> role to the group.
+* Add the user to the Proxmox permission system with PAM authentication.
 <syntaxhighlight lang="bash">
@@ Line 17: / Line 18: @@
 PASS="asd"
 COMMENT="System Administrator"
+# Create local user if not existing
 if ! id "$USER" &>/dev/null; then
-   sudo useradd -m -s /bin/bash -G sudo "$USER" && echo "$USER:$PASS" | sudo chpasswd
+   useradd -m -s /bin/bash -G sudo "$USER"
+  echo "$USER:$PASS" | chpasswd
 fi
-pveum groupadd admin --comment "${COMMENT} group" 2>/dev/null
-pveum aclmod / --group admin --role Administrator
+# Create admin group in Proxmox (ignore error if it exists)
-pveum useradd "${USER}@pam" --comment "${COMMENT}" --groups admin 2>/dev/null
+pveum groupadd admins --comment "${COMMENT} group" || true
+# Assign Administrator role to the group (root-level permission)
+pveum acl modify / --group admins --role Administrator
+# Add user to Proxmox user database (PAM authentication)
+pveum user add "${USER}@pam" --comment "${COMMENT}" --groups admins || true
 </syntaxhighlight>
 === 3. Remove the Created User and Group ===
-To delete the user and associated group:
+To cleanly remove the user and associated group from both Linux and Proxmox:
 <syntaxhighlight lang="bash">
 USER="asd"
-sudo deluser --remove-home "$USER"
-pveum user delete "${USER}@pam" 2>/dev/null
+# Remove local Linux user
-pveum group remove admin 2>/dev/null
+deluser --remove-home "$USER"
+# Remove from Proxmox permission system
+pveum user delete "${USER}@pam" || true
+pveum group delete admins || true
 </syntaxhighlight>
 === 4. (Optional) Disable Root GUI Access ===
-For enhanced security, disable root login for the Proxmox web GUI:
+For improved security, it is recommended to disable the default <code>root@pam</code> account GUI access once an administrative user exists:
 <syntaxhighlight lang="bash">
@@ Line 42: / Line 56: @@
 </syntaxhighlight>
-==== To re-enable root access to GUI: ====
+==== To re-enable root GUI access: ====
 <syntaxhighlight lang="bash">
 pveum user modify root@pam --enable 1
@@ Line 48: / Line 62: @@
 '''Notes:'''
-* Change all hardcoded credentials before using in production!
+* Always update default passwords before production use.
-* Assigning <code>Administrator</code> to a non-root user allows you to safely disable root UI access.
+* The <code>admins</code> group will retain <code>Administrator</code> privileges assigned through the ACL.
-* All commands require root/sudo privileges on your Proxmox host.
+* Be sure to have at least one active administrative account before disabling root GUI access.
+* All commands must be executed with root privileges (via shell or sudo).
-[[Category:Proxmox VE]]
+[[Category:Proxmox VE 9]]