Root Access Settings
This page covers settings that control root (superuser) access for the MinIO process. The root user has complete access and permissions to perform operations on the MinIO deployment.
You can establish or modify settings by defining:
an environment variable on the host system prior to starting or restarting the MinIO Server. Refer to your operating system’s documentation for how to define an environment variable.
a configuration setting using
mc admin config set
.a configuration setting using the MinIO Console’s Administrator > Settings pages.
If you define both an environment variable and the similar configuration setting, MinIO uses the environment variable value.
Some settings have only an environment variable or a configuration setting, but not both.
Root User
- MINIO_ROOT_USER
The access key for the root user.
Warning
If MINIO_ROOT_USER
is unset, minio
defaults to minioadmin
.
NEVER use the default credentials in production environments.
MinIO strongly recommends specifying a unique, long, and random MINIO_ROOT_USER
value for all environments.
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Root Password
- MINIO_ROOT_PASSWORD
The secret key for the root user.
Warning
If MINIO_ROOT_PASSWORD
is unset, minio
defaults to minioadmin
.
NEVER use the default credentials in production environments.
MinIO strongly recommends specifying a unique, long, and random MINIO_ROOT_PASSWORD
value for all environments.
This setting does not have a configuration variable setting. Use the Environment Variable instead.
Root Access
New in version MinIO: Server RELEASE.2023-05-04T21-44-30Z
Specify on
to enable and off
to disable the root user account.
Disabling the root service account also disables all service accounts associated with root, excluding those used by site replication.
Defaults to on
.
Ensure you have at least one other admin user, such as one with the consoleAdmin
policy, before disabling the root account.
If you do not have another admin user, disabling the root account locks administrative access to the deployment.
You can use this variable to temporarily override the configuration setting and re-enable root access to the deployment.
To reset after an unintentional lock, set MINIO_API_ROOT_ACCESS
on
to override this setting and temporarily re-enable the root account.
You can then change this setting to on
or make the necessary user/policy changes to ensure normal administrative access through other non-root accounts.