Local user management
zCX instance Docker administrator
The zCX instance Docker administrator is responsible for managing Docker users within a zCX instance. The user information for the Docker administrator must be given during provisioning. The Docker administrator does not necessarily need to be a z/OS user or zCX appliance administrator.
The ssh-keygen utility generates public/private RSA key pairs. By default, the keys are stored in your home directory under the .ssh directory. You can cut and paste the contents of the public SSH key (id_rsa.pub) into the ZCX_DOCKER_ADMIN_SSH_KEY variable field.
For example, you can use the following command to generate a private/public key pair on your client system:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
You can optionally provide a passphrase to further secure private/public key access.
If you experience login issues from the ssh client, use the ssh -v option for additional debugging information.
If you have previously used a different private/public key pair or a deprecated password authentication option with the same zCX appliance instance IP address, then you must remove the entry from the known_hosts file under the .ssh directory.
Adding Docker Users
We suggest allowing the administrator to create Docker users. These Docker users have their own home directories, user names, and passwords.
Docker users can only run Docker commands, because they are added to the Docker user group. They do not have access to sudo, the program that allows users to run commands with elevated privileges. Therefore, they cannot create or modify other Docker users.
The useradd and usermod commands are not supported by zCX.
To add a Docker user, the administrator runs the command:
sudo adduser --ingroup docker username
and receives the following output:
Adding user 'username' ...
Adding new user 'username' (1004) with group `docker' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
Here, the administrator assigns the new user a password. The new user can change the password if desired. Once the password is entered, the administrator receives the output:
passwd: password updated successfully
Changing the user information for username
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
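To expire the new password so that the user must change it at the next login, the administrator can run:
$ sudo passwd -e username
The new user can then log in to the zCX instance:
ssh username@ip_address -p 8022
and change the password:
username@6c279b325214:~$ passwd
Which will give the output:
Changing password for username.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
Followed by:
passwd: password updated successfully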
Adding Docker administrators
To add a Docker administrator, first create the user in the docker group:
$ sudo adduser --ingroup docker username
Then add the user to the "sudo" group to grant administrative access:
sudo adduser username sudo
The administrator can then switch to the new user using the command:
$ su username
And confirm the user is in the appropriate 'docker' and 'sudo' groups:
username@host:/home/username$ groups
Which should provide the output:
docker sudo
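An added example (not from the IBM documentation) for reviewing the result of the steps above across all accounts: because adduser --ingroup docker makes docker the user's primary group, such accounts are not listed on the docker line of the group file, so the check also compares the GID field of the passwd file. The function names and sample data are constructed for illustration, and the standard passwd and group file formats are assumed.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes standard passwd/group file formats.

# list_docker_accounts PASSWD_FILE GROUP_FILE  (hypothetical helper name)
# Prints "name role" for every account that can run Docker commands.
list_docker_accounts() {
    awk -F: '
        # Pass 1, group file: remember the docker GID and the supplementary
        # members of the docker and sudo groups.
        FNR == NR {
            if ($1 == "docker") docker_gid = $3
            if ($1 == "docker" || $1 == "sudo") {
                n = split($4, names, ",")
                for (i = 1; i <= n; i++)
                    if (names[i] != "") member[$1, names[i]] = 1
            }
            next
        }
        # Pass 2, passwd file: "adduser --ingroup docker" makes docker the
        # PRIMARY group, so match on the GID field as well as the member list.
        (docker_gid != "" && $4 == docker_gid) || (("docker", $1) in member) {
            role = (("sudo", $1) in member) ? "administrator" : "user"
            print $1, role
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real zCX instance).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:
sudo:x:27:admin,alice
staff:x:50:dave
docker:x:999:carol
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:x:1000:999::/home/admin:/bin/bash
alice:x:1004:999::/home/alice:/bin/bash
bob:x:1005:999::/home/bob:/bin/bash
carol:x:1006:50::/home/carol:/bin/bash
dave:x:1007:50::/home/dave:/bin/bash
EOF
    list_docker_accounts "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

sample_run
```

On an instance the call would be list_docker_accounts /etc/passwd /etc/group, assuming those files are readable from the administrator's shell; any account reported as administrator that should not be one is a candidate for the deluser step in the next section.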
Removing users from groups
sudo deluser username groupname
Administrator privileges can be revoked by removing a user from the "sudo" group.
Deleting Docker users
sudo userdel -r username
To view additional options, use:
$ sudo userdel -h