Gvmd user management

Use this category only if you have build GSE or components thereof from sources .

Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.

When posting you should provide information about your environment using the following template:

GVM versions

gvm: (‘eenbone Vulnerability Manager 8.0.0
GIT revision a8d8e26f-HEAD’)


**Operating system:debian stretch
**Installation method / source:Compiling source code

Hi I recently compiled and installed the gvmd (V8) and openvas. According to the readme the first (privileged user) should be created via:
“You can create an administrator user with the --create-user option of gvmd:
gvmd --create-user=myuser”

and I noticed that after the first creation and even after starting the gvmd the --create-user method still succeeds to create admin users upon invocation (which is not secure at all on a very privileged machine).
Am I missing something?
how can I prevent other user creation after the first Admin?

Thanks ahead :slight_smile:

You can´t, this is part of the permission model. Admin can always create other users assign permission and roles to them. You should never expose the admin interface external or to a 3rd party.

As well you can always create new admins in case you loose one admin credential :wink: I suggest you learn first about the role based permission model to understand how the internal user and permission handling works.