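# Add groups to the system.
# The following example adds the ubuntu group with members foo and bar and
# the group cloud-users.
groups:
  - ubuntu: [foo, bar]
  - cloud-users

# Add users to the system. Users are added after groups are added.
users:
  - default
  - name: foobar
    gecos: Foo B. Bar
    primary-group: foobar
    groups: users
    selinux-user: staff_u
    # Quoted so the YAML loader keeps this a string instead of a date object.
    expiredate: '2012-09-01'
    ssh-import-id: foobar
    # lock-passwd: false leaves password login enabled, so the hash below is a
    # usable credential for anyone who can read this cloud-config. The notes on
    # "passwd" below report that this example hash was recovered with a
    # wordlist in 12 seconds: generate your own hash, never reuse this one,
    # and prefer SSH keys with lock-passwd: true.
    lock-passwd: false
    passwd: '$6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/'
  - name: barfoo
    gecos: Bar B. Foo
    # Passwordless sudo for every command: whoever can log in as barfoo is
    # effectively root. Restrict the rule to the commands actually needed
    # where possible.
    sudo: 'ALL=(ALL) NOPASSWD:ALL'
    groups: users, admin
    # NOTE(review): YAML loads None as the literal string "None", not as
    # null -- confirm that importing no SSH ID is what is intended here.
    ssh-import-id: None
    lock-passwd: true
    # Placeholder entries: replace each one with a single public key line.
    ssh-authorized-keys:
      - '<ssh public key 1>'
      - '<ssh public key 2>'
  - name: cloudy
    gecos: Magic Cloud App Daemon User
    inactive: true
    system: true

# Valid Values:
#   name: The user's login name
#   gecos: The user's real name, i.e. "Bob B. Smith"
#   homedir: Optional. Set to the local path you want to use. Defaults to
#           /home/<username>
#   primary-group: define the primary group. Defaults to a new group created
#           named after the user.
#   groups: Optional. Additional groups to add the user to. Defaults to none
#   selinux-user: Optional. The SELinux user for the user's login, such as
#           "staff_u". When this is omitted the system will select the default
#           SELinux user.
#   lock-passwd: Defaults to true. Lock the password to disable password login
#   inactive: Create the user as inactive
#   passwd: The hash -- not the password itself -- of the password you want
#           to use for this user. You can generate a safe hash via:
#               mkpasswd --method=SHA-512 --rounds=4096
#           (the above command would create a SHA-512 password hash
#           with 4096 rounds)
#
#           Please note: while the use of a hashed password is better than
#               plain text, the use of this feature is not ideal. Also,
#               using a high number of rounds will help, but it should
#               not be relied upon.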
#
#               To highlight this risk, running John the Ripper against the
#               example hash above, with a readily available wordlist, revealed
#               the true password in 12 seconds on an i7-2620QM.
#
#               In other words, this feature is a potential security risk and is
#               provided for your convenience only. If you do not fully trust the
#               medium over which your cloud-config will be transmitted, then you
#               should use SSH authentication only.
#
#               You have thus been warned.
#   no-create-home: When set to true, do not create home directory.
#   no-user-group: When set to true, do not create a group named after the user.
#   no-log-init: When set to true, do not initialize lastlog and faillog database.
#   ssh-import-id: Optional. Import SSH ids
#   ssh-authorized-keys: Optional. Add keys to user's ssh authorized keys file
#   sudo: Defaults to none. Set to the sudo string you want to use, i.e.
#           ALL=(ALL) NOPASSWD:ALL. To add multiple rules, use the following
#           format.
#               sudo:
#                   - ALL=(ALL) NOPASSWD:/bin/mysql
#                   - ALL=(ALL) ALL
#           Note: Please double check your syntax and make sure it is valid.
#               cloud-init does not parse/check the syntax of the sudo
#               directive.
#   system: Create the user as a system user. This means no home directory.
#
# Default user creation: Ubuntu Only
# Unless you define users, you will get an Ubuntu user on Ubuntu systems with the
# legacy permission (no password sudo, locked user, etc). If, however, you want
# to have the ubuntu user in addition to other users, you need to instruct
# cloud-init that you also want the default user. To do this, use the following
# syntax:
#   users:
#     default: True
#     foobar: ...
#
# users[0] (the first user in users) overrides the user directive.