Attention

You are viewing an older version of the documentation. The latest version is v3.3.

Manage Users and Permissions in ECI Images¶

Intel® Edge Controls for Industrial (Intel® ECI or ECI) images (see Build ECI) provide the following users:

User Account	Password	Permissions	Description
`root`	`root`	Full read/write permissions to all files.	Administrative user account used for granting permissions to non-root users, monitoring activity, applying system-level configurations, general system maintenance, and so on.
`eci-user`	`eci-user`	Limited read permissions to non-system files.	Basic user account intended strictly for executing control applications without access to system-level configurations.

The following table lists the availability of user accounts in the various ECI images:

ECI Target	User Account
ECI Target	root	eci-user
core-bullseye	Yes	Yes
core-jammy	Yes	Yes
legacy-poky-acrn	Yes	NO
legacy-poky-zephyr-ehl	Yes	NO

If any of the assumptions made in ECI regarding users and privileges do not fit the desired use case, use the standard Linux* user commands to add, delete, and modify users.

Add Superuser Capability¶

In most Linux distributions, you can add superuser capabilities for a non-root user. Do the following:

Using a root account, add the user to the sudo group. The example shows the user eci-user being added to the sudo group:
```
$ usermod -aG sudo eci-user
```
Using a root account, edit the sudoers file using visudo:
```
$ visudo /etc/sudoers
```
Add a line to grant superuser capability to all users in the sudo group:
```
%sudo ALL=(ALL) ALL
```
Save and exit visudo.
Logout of all users to re-evaluate the user permissions.

Remove Superuser Capability¶

In most Linux distributions, you can remove superuser capabilities for a non-root user. Do the following:

Using a root account, remove the user from the sudo group. The example shows the user eci-user being removed from the sudo group:
```
$ deluser eci-user sudo
```
Logout all users to re-evaluate the user permissions.