diff --git a/docs/en/commands/index.asciidoc b/docs/en/commands/index.asciidoc new file mode 100644 index 00000000000..c1a063bc13d --- /dev/null +++ b/docs/en/commands/index.asciidoc @@ -0,0 +1,16 @@ +[role="xpack"] +[[xpack-commands]] += {xpack} Commands + +[partintro] +-- + +{xpack} includes commands that help you configure security: + +//* <> +//* <> +* <> + +-- + +include::users-command.asciidoc[] diff --git a/docs/en/commands/users-command.asciidoc b/docs/en/commands/users-command.asciidoc new file mode 100644 index 00000000000..6a889e86346 --- /dev/null +++ b/docs/en/commands/users-command.asciidoc @@ -0,0 +1,138 @@ +[role="xpack"] +[[users-command]] +== Users Command +++++ +users +++++ + +If you use file-based user authentication, the `users` command enables you to +add and remove users, assign user roles, and manage passwords. + +[float] +=== Synopsis + +[source,shell] +-------------------------------------------------- +bin/x-pack/users +([useradd ] [-p ] [-r ]) | +([list] ) | +([passwd ] [-p ]) | +([roles ] [-a ] [-r ]) | +([userdel ]) +-------------------------------------------------- + +[float] +=== Description + +If you use the built-in `file` internal realm, users are defined in local files +on each node in the cluster. + +Usernames and roles must be at least 1 and no more than 1024 characters. They +can contain alphanumeric characters (`a-z`, `A-Z`, `0-9`), spaces, punctuation, +and printable symbols in the +https://en.wikipedia.org/wiki/Basic_Latin_(Unicode_block)[Basic Latin (ASCII) block]. +Leading or trailing whitespace is not allowed. + +Passwords must be at least 6 characters long. + +For more information, see {xpack-ref}/file-realm.html[File-based User Authentication]. + +[float] +=== Parameters + +`-a `:: If used with the `roles` parameter, adds a comma-separated list +of roles to a user. + +//`-h, --help`:: Returns all of the command parameters. + +`list`:: List the users that are registered with the `file` realm +on the local node. If you also specify a user name, the command provides +information for that user. + +`-p `:: Specifies the user's password. If you do not specify this +parameter, the command prompts you for the password. ++ +-- +TIP: Omit the `-p` option to keep +plaintext passwords out of the terminal session's command history. + +-- + +`passwd `:: Resets a user's password. You can specify the new +password directly with the `-p` parameter. + +`-r `:: +* If used with the `useradd` parameter, defines a user's roles. This option +accepts a comma-separated list of role names to assign to the user. +* If used with the `roles` parameter, removes a comma-separated list of roles +from a user. + +`roles`:: Manages the roles of a particular user. You can combine adding and +removing roles within the same command to change a user's roles. + +//`-s, --silent`:: Shows minimal output. + +`useradd `:: Adds a user to your local node. + +`userdel `:: Deletes a user from your local node. + +//`-v, --verbose`:: Shows verbose output. + +[float] +=== Authorization + +To ensure that {es} can read the user and role information at startup, run +`users useradd` as the same user you use to run {es}. Running the command as +root or some other user updates the permissions for the `users` and `users_roles` +files and prevents {es} from accessing them. + +[float] +=== Examples + +The following example adds a new user named `jacknich` to the `file` realm. The +password for this user is `theshining`, and this user is associated with the +`network` and `monitoring` roles. + +[source,shell] +------------------------------------------------------------------- +bin/x-pack/users useradd jacknich -p theshining -r network,monitoring +------------------------------------------------------------------- + +The following example lists the users that are registered with the `file` realm +on the local node: + +[source, shell] +---------------------------------- +bin/x-pack/users list +rdeniro : admin +alpacino : power_user +jacknich : monitoring,network +---------------------------------- + +Users are in the left-hand column and their corresponding roles are listed in +the right-hand column. + +The following example resets the `jacknich` user's password: + +[source,shell] +-------------------------------------------------- +bin/x-pack/users passwd jachnich +-------------------------------------------------- + +Since the `-p` parameter was omitted, the command prompts you to enter and +confirm a password in interactive mode. + +The following example removes the `network` and `monitoring` roles from the +`jacknich` user and adds the `user` role: + +[source,shell] +------------------------------------------------------------ +bin/x-pack/users roles jacknich -r network,monitoring -a user +------------------------------------------------------------ + +The following example deletes the `jacknich` user: + +[source,shell] +-------------------------------------------------- +bin/x-pack/users userdel jacknich +-------------------------------------------------- diff --git a/docs/en/index.asciidoc b/docs/en/index.asciidoc index d865b7e2834..674adcce7d8 100644 --- a/docs/en/index.asciidoc +++ b/docs/en/index.asciidoc @@ -20,5 +20,8 @@ include::{es-repo-dir}/reference/index-shared2.asciidoc[] :edit_url!: include::rest-api/index.asciidoc[] +:edit_url!: +include::commands/index.asciidoc[] + :edit_url: include::{es-repo-dir}/reference/index-shared3.asciidoc[]