Help Center/ Elastic Cloud Server/ Best Practices/ Selection and Configuration/ Creating an ECS and Specifying a Non-root User for Login
Updated on 2025-08-06 GMT+08:00

Creating an ECS and Specifying a Non-root User for Login

Scenarios

When you create an ECS, user root is used by default for logging in to Linux ECSs. If you want to use a non-root user for login, create an ECS by referring to this section.

Constraints

  • You do not need to create an image again. You only need to specify custom data when creating an ECS. For details, see Injecting User Data.
  • When specifying a non-root user, you are advised to disable the root account. Only non-root accounts can be used to log in to the ECS using SSH or TTY.
  • When purchasing an ECS, you must select a key pair as the login credential. The key pair is used by user root. Keep it secure.
  • When performing sensitive system operations, for example, running systemctl to restart services and running mount to mount disks, you need to prepend the command with sudo to elevate permissions for performing sensitive system operations.
  • The offline password reset on the console is only available for user root. For details about how to reset the password, see Resetting the Password for Logging In to an ECS on the Management Console.
  • You need to prepare the username and password of the non-root user in advance.
  • This operation supports Huawei Cloud EulerOS, CentOS, Ubuntu, Debian, and openEuler. If you have other OS requirements, contact Huawei technical support.

Preparations

  1. Prepare the username and password and encrypt the password.

    To encrypt the password, run the following command:

    openssl passwd -6 -salt $your_salt $your_password
  2. Set the username and password in the following content to the username and encrypted password prepared in the previous step:
    #cloud-configecs-user******
    users:
     - name: 
      gecos: Cloud User
      sudo: ALL=(ALL) NOPASSWD:ALL
      shell: /bin/bash
      groups: sudo
      inactive: false
      lock_passwd: false
      passwd: 
    disable_root: true
    • name: Enter the name of the non-root user, for example, ecs-user.
    • sudo: indicates the sudo permission. (ALL) NOPASSWD:ALL: indicates that the user has all the permissions of user root. You are advised to configure the permission based on your security requirements.
    • shell: indicates the shell execution mode.
    • lock_passwd:False: indicates that the password login is enabled. The value for some OSs is 0, indicating that password login is enabled.
    • passwd: indicates the encrypted password.
    • disable_root: whether to disable user root. You are advised to set this parameter to true.

Procedure

  1. Log in to the Huawei Cloud console.
  2. Create an ECS and set Login Mode to Key pair. For details, see Purchasing an ECS.
    Figure 1 Setting the login mode
  3. Choose Advanced Settings > User Data and enter the user data prepared in Preparations.
    Figure 2 Injecting user data
  4. After creating the ECS, you can log in to it as a non-root user.
    Figure 3 Logging in to the ECS