User Management

SONiC is based on Debian Linux and uses standard Linux user and password management.

The Linux useradd and passwd commands can be used to create users and configure passwords. Users can then be assigned to groups, through which permissions and privileges are managed.

A primer on SONiC CLI commands

The SONiC CLI includes "show" commands, which display operational data from the router and the currently configured features, and "configuration" commands, which configure features on the router. To execute "configuration" commands and some advanced "show" commands (for example, show platform npu commands), the user must have sudo privileges.

Additionally, SONiC's routing stack is based on FRR, which runs as a docker container. Users can drop into FRR's vtysh shell to configure routing parameters. However, any user attempting to drop into vtysh must be a member of the docker group.

Upon startup, SONiC has a default user, admin, which is a member of the sudo, docker, and redis groups (the redis group, along with the docker group, allows a user to issue redis-cli commands).

admin@sonic:~$ groups admin
admin : admin sudo docker redis

Configuration Examples

Create a new user in SONiC:

sudo useradd -m <user> 

Set a password for the user:

sudo passwd <user>

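Add the new user to groups (-G sets the user's complete list of supplementary groups and replaces any existing memberships; use -aG to append to them instead):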

sudo usermod -G <group-1>,<group-2> <user>

View group memberships for the new user:

groups <user>

For example:

admin@sonic:~$ sudo useradd -m cisco
admin@sonic:~$ sudo passwd cisco
New password:
Retype new password:
passwd: password updated successfully
admin@sonic:~$ sudo usermod -G sudo,docker,redis cisco
admin@sonic:~$ groups cisco
cisco : cisco sudo docker redis

Additionally, a different shell (for example, /bin/sh or /bin/bash) can be assigned to a user. As an example:

sudo usermod -s /bin/bash <user>

If these changes are made to the currently logged-in user, the user must log out and log in again for the changes to take effect.
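
To review which local accounts hold the sudo, docker and redis groups described above, the group and passwd databases can be cross-checked, since a group can also be held as a primary group that does not appear in the member list. The script below is an added example, not part of SONiC; the function names and the sample account data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts holding the groups this page ties to privileges.
PRIV_GROUPS="sudo docker redis"

# audit_priv_groups GROUP_FILE PASSWD_FILE
# Prints "<user>: <groups>" for every account in a PRIV_GROUPS group, counting
# supplementary membership (group field 4) and primary group (passwd field 4).
audit_priv_groups() {
    awk -F: -v want="$PRIV_GROUPS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) priv[w[i]] = 1 }
        FNR == NR {                      # first file: name:passwd:gid:members
            if ($1 in priv) {
                gidname[$3] = $1
                m = split($4, u, ",")
                for (i = 1; i <= m; i++) if (u[i] != "") has[u[i], $1] = 1
            }
            next
        }
        {                                # second file: name:passwd:uid:gid:...
            if ($4 in gidname) has[$1, gidname[$4]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (($1, w[i]) in has) out = out (out == "" ? "" : " ") w[i]
            if (out != "") print $1 ": " out
        }
    ' "$1" "$2"
}

# write_sample DIR: constructed sample databases, not from a real device.
write_sample() {
    cat > "$1/group" <<'EOF'
sudo:x:27:admin,cisco
docker:x:999:admin,cisco
redis:x:1001:admin
admin:x:1000:
cisco:x:1002:
EOF
    cat > "$1/passwd" <<'EOF'
admin:x:1000:1000::/home/admin:/bin/bash
cisco:x:1002:1002::/home/cisco:/bin/bash
monitor:x:1003:1003::/home/monitor:/bin/sh
svc:x:1004:999::/home/svc:/bin/sh
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_priv_groups "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

On a device, the same function can be pointed at the local databases with audit_priv_groups /etc/group /etc/passwd.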