KEMBAR78
Mikrotik Router OS Documents Library | PDF | File Transfer Protocol | Computer Architecture
Scribd
Upload
361 views3 pages

Mikrotik Router OS Documents Library

Mikrotik Router OS Documents Library

Uploaded by

Phạm Đức Hạnh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
361 views3 pages

Mikrotik Router OS Documents Library

Mikrotik Router OS Documents Library

Uploaded by

Phạm Đức Hạnh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

4/11/2019 MikroTik RouterOS V2.

4 Users and Groups

MikroTik RouterOS V2.4 Users and Groups


Document revision 08-Apr-2001
This document applies to the MikroTik RouterOS V2.4

Overview
MikroTik RouterOS has a local user database. Permissions and user rights are granted to groups. Users
belong to groups and receive all the permissions and user rights assigned to that group.

Contents of the Manual


The following topics are covered in this manual:

User Management
User Groups

User Management
User management can be accessed under the /user menu:
[MikroTik] user> print
Flags: X - disabled
0 ;;; system default user
name=admin group=full address=0.0.0.0/0 caller-id="" baud-rate=0
only-one=no max-session-time=0s

[MikroTik] user>

Use the add command to add a user to the user database:


[MikroTik] user> add name=joe group=ppp password=j1o2e3
[MikroTik] user> print
Flags: X - disabled
0 ;;; system default user
name=admin group=full address=0.0.0.0/0 caller-id="" baud-rate=0
only-one=no max-session-time=0s

1 name=joe group=ppp address=0.0.0.0/0 caller-id="" baud-rate=0


only-one=no max-session-time=0s

[MikroTik] user>

Argument description:

name - (required) User name. Must start with an alphanumeric character and contain
alphanumeric characters, "*", "_", ".", "@".
group - (required) Name of the group the user belongs to. The system default groups are 'full',
'write', 'read', and 'ppp'. See below on how to manage user groups.
password - User password. If not specified, it is left blank (hit 'Enter' when logging in). It
conforms to standard Unix characteristics of passwords. Can contain letters, digits, "*" and "_"
baud-rate - Connection rate limit for PPPoE
caller-id - For PPTP it IP address of the client, for PPPoE it is MAC address of the client
max-session-time - (Only for PPP connections) Maximum session time user can have when
logged in
only-one - (yes / no) (Only for PPP connections) If 'yes' user can have only one session at a time
address - Ip address form which the user is allowed to log in. When logging in using PPP, if the

https://mikrotik.com/documentation/manual_2.4/System/Users.html 1/3
4/11/2019 MikroTik RouterOS V2.4 Users and Groups

remote address is specified in PPP interface settings then this address should match the specified
address in order to enable client to log in. Can be in the form address/mask, where 'mask' is the
number of bits in the subnet mask.
netmask - Network mask of addresses assigned to the user

Note! User name "*" will be used for PPP as any user.

List of active users can be viewed using the /user active print command:
[MikroTik] > /user active print
# WHEN NAME ADDRESS VIA
0 apr/19/2001 01:11:04 admin 0.0.0.0 console
1 apr/19/2001 01:12:26 1 0.0.0.0 console
[MikroTik] >

When the user has logged on he can change his password using the /password command. The user is
required to enter his/her current password before entering the new password. When the user logs out and logs
in for the next time, the new password must be entered.

User Groups
User group management can be accessed under the /user group menu:
[MikroTik] user group> print
0 ;;; ppp users
name=ppp policy=ppp

1 ;;; users with read only permission


name=read policy=local telnet ssh reboot read test web

2 ;;; users with write permission


name=write policy=local telnet ssh reboot read write test web

3 ;;; users with complete access


name=full policy=local telnet ssh ftp reboot read write policy test web

[MikroTik] user group>

There are four system groups which cannot be deleted. Use add command to add a user group:

[MikroTik] user group> add name=reboot policy="telnet reboot read"


[MikroTik] user group> print
0 ;;; ppp users
name=ppp policy=ppp

1 ;;; users with read only permission


name=read policy=local telnet ssh reboot read test web

2 ;;; users with write permission


name=write policy=local telnet ssh reboot read write test web

3 ;;; users with complete access


name=full policy=local telnet ssh ftp reboot read write policy test web

4 name=reboot policy=reboot read telnet

[MikroTik] user group>

Here, the argument name is the name of the group, and policy contains the list of policies assigned to the
group:

local - User can log on locally via console


telnet - User can log on remotely via telnet
ssh - User can log on remotely via secure shell
https://mikrotik.com/documentation/manual_2.4/System/Users.html 2/3
4/11/2019 MikroTik RouterOS V2.4 Users and Groups

ftp - User can log on remotely via ftp and send and retrieve files from the router
reboot - User can reboot the router
read - User can retrieve the configuration
write - User can retrieve and change the configuration
policy - Manage user policies, add and remove user
test - User can run ping, traceroute, bandwidth test
web - user can log on remotely via http (Java Console)
ppp - User can log on using ppp connections to the router (PPP, PPTP, PPPoE)

� Copyright 1999-2001, MikroTik

https://mikrotik.com/documentation/manual_2.4/System/Users.html 3/3

You might also like