User rights

Default user

PLCnext Controls are supplied with a preset admin user and a default password that is printed on the controller's housing. This enables access to the most important functions. 

admin user

When a PLCnext user logs into the SSH console with the admin user, the user is also recognized with the same name and password by the Linux system. The user is therefore assigned to the plcnext Linux group. Files that this user may read, write to and/or execute are assigned to the plcnext group file system.

plcnext_firmware user

The plcnext_firmware user is another major user in the Linux system. It is permanently integrated and is used for starting the PLCnext firmware processes. In the Linux system, the user has the rights to execute all the operations required.
In addition to the Linux user rights, the PLCnext Technology firmware also has its own user management. Its configuration is described in User Authentication.

Override with sudo

Executing Linux commands that require higher rights is made possible for the users via sudo. Which Linux commands the PLCnext users are allowed to execute via sudo is being configured in the Linux system.

Default rights settings

The following rights are available:

Rights plcnext group admin sudo required
Setting and inspecting IP settings (including ifconfig, ping, netstat, etc.)
(for ifconfig)
Configuring the firewall
Starting/stopping the firewall (init script)
Inspecting the firewall with nft
Configuring VPN (IPsec and OpenVPN™)
Starting/stopping VPN services (IPsec and OpenVPN™)
Editing the Default PLCnext folder for individual ACF, ESM, GDS configurations, and *.so
Starting/stopping the PLCnext Technology firmware processes
sudo /etc/init.d/plcnext start|stop|restart
Reading PLCnext log files
Calling and configuring TOP/HTOP
Firmware update via update script with sudo update-plcnext
Configuring the NTP server
Setting the root password with passwd
Requesting the system time with date
Setting the system time with sudo date -s
Restarting/shutting down the controller with reboot or shutdown
Write access to /opt/plcnext and /opt/plcnext/projects
Recording network traces with tcpdump
Starting the gdbserver with root rights (see here how to do that)
Resetting to factory defaults with sudo recover-plcnext 1
(see also Factory reset)

Root rights

For some commands you require advanced rights. To this end, the root user password needs to be set while the root user itself already exists under the Linux® system.

Risk of personal injury or damage to equipment

With active root user access, the controller must not be used for live operation.

Before live operation of the controller return to an appropriate user role and remove the root user password.

Security Note: With root user access, you can make unlimited changes on the controller. Root rights are therefore only suitable for qualified application programmers and software engineers with relevant experience.
  • Avoid making changes to the PLCnext Technology firmware or Operating System itself. If changes are neccessary, see Overlay File System for details.
  • Do not supply the device with an already set password for the root user.
  • Remove the root password as soon as root user access is not required any more.

Setting a root user password

  • Connect to the controller via its IP address and log in as admin user. The default password for the user printed on the controller's housing.
  • Enter this command: sudo passwd root.
  • Enter the admin user's password to authorize this command.
  • Enter a new password for the root user (minimum 5 characters, preferably consisting of upper-case and lower-case letters plus numbers).
  • Confirm the new password by entering it again.
    Show the screenshotShow the screenshot
    console2

Using the root user

  • Connect to the controller via its IP address and log in as admin user. The default password for the admin user is printed on the controller's housing.
  • Switch to the root user with the su - command and the root user's password.
  • Perform the activities that need the root user's rights.
  • Once you have executed all the activities as the root user, change back to the previous user role (e.g., admin) using the exit command.

Removing the root password

If the root user is no longer required, remove the password. This prevents unauthorized users from modifying the firmware.

  • Connect to the controller via its IP address and log in as admin user. The default password for the user printed on the controller's housing.
  • In the shell or command line interface, enter this command: sudo passwd -d root.

After that, the root user stays present on the controller. Before using it again you have to set a new password.

Recommended: The easiest way to undo changes to the root user is a reset to default setting type 1. This will also remove the root user's password.

 

 

 


•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari • 
• Published/reviewed: 2022-09-14 • Revision 046 •