User Account
The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.
nv set system aaa class <class-id>
Command Syntax
| Syntax | Description |
|---|---|
<class-id> | The name of the class. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
nv set system aaa class class1
nv set system aaa class <class-id> action
Configures the allow or deny action for the specified class.
Command Syntax
| Syntax | Description |
|---|---|
<class-id> | The name of the class. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa class class2 action allow
nv set system aaa class <class-id> command-path <command-path-id>
Configures the command path for the specified class.
Command paths, which Cumulus Linux bases on the objects in the NVUE declarative model and, which are the same as URI paths; for example; you can use the /vrf/ command path to allow or deny a user access to all VRFs, or /system/nat to allow or deny a user access to NAT configuration. Use the tab key to see available command paths (nv set system aaa class <class-name> command-path / <<press tab>>).
Command Syntax
| Syntax | Description |
|---|---|
<class-id> | The name of the class. |
<command-path-id> | The command path. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa class class1 command-path /interface/
nv set system aaa class <class-id> command-path <command-path-id> permission
Configures the permissions for the command path for the specified class.
You can specify ro to run show commands, rw to run set, unset, and apply commands, act to run action commands, or all to run all commands. The default permission setting is all.
Command Syntax
| Syntax | Description |
|---|---|
<class-id> | The name of the class. |
<command-path-id> | The name of the class. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa class class1 command-path /interface/*/acl/ permission ro
nv set system aaa role <role-id>
Configues a role. A role is a virtual identifier for multiple classes (groups). You can assign only one role for a user. For example, for a user that can manage interfaces, you can create a role called IFMgr.
Command Syntax
| Syntax | Description |
|---|---|
<role-id> | The name of the role. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa role ROLE1
nv set system aaa role <role-id> class <class-id>
Assigns the specified class to the role.
Command Syntax
| Syntax | Description |
|---|---|
<role-id> | The name of the role. |
<class-id> | The name of the class. |
Version History
Introduced in Cumulus Linux 5.7.0
Example
cumulus@switch:~$ nv set system aaa role ROLE1 class class1
nv set system aaa user <user-id> full-name <value>
Configures the full name for the specified user account. If the full name includes more than one name, either separate the names with a hyphen (FIRST-LAST) or enclose the full name in quotes (“FIRST LAST”).
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.4.0
Example
cumulus@switch:~$ nv set system aaa user admin2 full-name "FIRST LAST"
nv set system aaa user <user-id> hashed-password
Configures a hashed text password for the specified user account. You must specify the hashed password in Linux crypt format; the password must be a minimum of 15 to 20 characters long and must include special characters, digits, lower case alphabetic letters, and more.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.4.0
Example
cumulus@switch:~$ nv set system aaa user admin2 hashed-password '$1$/ETjhZMJ$P73qhBZEYP20mKnRkhBol0'
nv set system aaa user <user-id> password
Configures a plain text password for the specified user account by prompting you to enter a new password and to confirm the password.
You can also run the nv set system aaa user <user-id> password <plain-text-password> command to specify the plain text password inline. This command bypasses the Enter new password and Confirm password prompts but displays the plain text password as you type it.
NVUE hashes the plain text password and stores the value as a hashed password.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.4.0
Example
cumulus@switch:~$ nv set system aaa user admin2 password
nv set system aaa user <user-id> role
Configures the role for the user accounts configured on the switch and the groups to which they belong. You can specify system-admin, nvue-admin, and nvue-monitor.
In Cumulus Linux 5.13 and later, when you change the role for a user, Cumulus Linux terminates their session (including the SSH session) and they have to reauthenticate. For example, if you change the role for a user from nvue-admin to nvue-monitor, if the user tries to run an nv set command, their session disconnects and they have to reauthenticate.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.4.0
Example
cumulus@switch:~$ nv set system aaa user admin2 nvue-monitor
nv set system aaa user <user-id> spiffe-id <spiffe-id>
Configures a SPIFFE ID for the user account instead of a password.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
<spiffe-id> | The SPIFFE ID mapped to the user. |
Version History
Introduced in Cumulus Linux 5.12.0
Example
cumulus@switch:~$ nv set system aaa user admin2 spiffe-id spiffe://acme.com/billing/payments
nv set system aaa user <user> ssh cert-auth principals
Sets the principals for certificate-based authorization for the user.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.13.0
Example
cumulus@switch:~$ nv set system aaa user ADMIN1 ssh cert-auth principals aaa
nv set system aaa user <user> ssh cert-auth state
Enables and disables SSH certificate-based authorization for the user.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.13.0
Example
cumulus@switch:~$ nv set system aaa user ADMIN1 ssh cert-auth state enabled
nv set system aaa user <user-id> state
Turns the user account for the switch on or off. You can specify enabled or disabled.
In Cumulus Linux 5.10 and earlier, this command is nv set system aaa user <user-id> enable on or nv set system aaa user <user-id> enable off.
Command Syntax
| Syntax | Description |
|---|---|
<user-id> | The user account. |
Version History
Introduced in Cumulus Linux 5.4.0
Example
cumulus@switch:~$ nv set system aaa user admin2 state enabled