diff options
Diffstat (limited to 'cloudinit/config/cc_users_groups.py')
-rw-r--r-- | cloudinit/config/cc_users_groups.py | 84 |
1 files changed, 82 insertions, 2 deletions
diff --git a/cloudinit/config/cc_users_groups.py b/cloudinit/config/cc_users_groups.py index bf5b4581..36352362 100644 --- a/cloudinit/config/cc_users_groups.py +++ b/cloudinit/config/cc_users_groups.py @@ -16,10 +16,90 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +""" +Users and Groups +---------------- +**Summary:** configure users and groups + +This module configures users and groups. For more detailed information on user +options, see the ``Including users and groups`` config example. + +Groups to add to the system can be specified as a list under the ``groups`` +key. Each entry in the list should either contain a the group name as a string, +or a dictionary with the group name as the key and a list of users who should +be members of the group as the value. + +The ``users`` config key takes a list of users to configure. The first entry in +this list is used as the default user for the system. To preserve the standard +default user for the distro, the string ``default`` may be used as the first +entry of the ``users`` list. Each entry in the ``users`` list, other than a +``default`` entry, should be a dictionary of options for the user. Supported +config keys for an entry in ``users`` are as follows: + + - ``name``: The user's login name + - ``homedir``: Optional. Home dir for user. Default is ``/home/<username>`` + - ``primary-group``: Optional. Primary group for user. Default to new group + named after user. + - ``groups``: Optional. Additional groups to add the user to. Default: none + - ``selinux-user``: Optional. SELinux user for user's login. Default to + default SELinux user. + - ``lock_passwd``: Optional. Disable password login. Default: true + - ``inactive``: Optional. Mark user inactive. Default: false + - ``passwd``: Hash of user password + - ``no-create-home``: Optional. Do not create home directory. Default: + false + - ``no-user-group``: Optional. Do not create group named after user. + Default: false + - ``no-log-init``: Optional. Do not initialize lastlog and faillog for + user. Default: false + - ``ssh-import-id``: Optional. SSH id to import for user. Default: none + - ``ssh-autorized-keys``: Optional. List of ssh keys to add to user's + authkeys file. Default: none + - ``sudo``: Optional. Sudo rule to use, or list of sudo rules to use. + Default: none. + - ``system``: Optional. Create user as system user with no home directory. + Default: false + +.. note:: + Specifying a hash of a user's password with ``passwd`` is a security risk + if the cloud-config can be intercepted. SSH authentication is preferred. + +.. note:: + If specifying a sudo rule for a user, ensure that the syntax for the rule + is valid, as it is not checked by cloud-init. + +**Internal name:** ``cc_users_groups`` + +**Module frequency:** per instance + +**Supported distros:** all + +**Config keys**:: + + groups: + - ubuntu: [foo, bar] + - cloud-users + + users: + - default + - name: <username> + gecos: <real name> + primary-group: <primary group> + groups: <additional groups> + selinux-user: <selinux username> + expiredate: <date> + ssh-import-id: <none/id> + lock_passwd: <true/false> + passwd: <password> + sudo: <sudo config> + inactive: <true/false> + system: <true/false> +""" + # Ensure this is aliased to a name not 'distros' # since the module attribute 'distros' # is a list of distros that are supported, not a sub-module -from cloudinit import distros as ds +from cloudinit.distros import ug_util from cloudinit.settings import PER_INSTANCE @@ -27,7 +107,7 @@ frequency = PER_INSTANCE def handle(name, cfg, cloud, _log, _args): - (users, groups) = ds.normalize_users_groups(cfg, cloud.distro) + (users, groups) = ug_util.normalize_users_groups(cfg, cloud.distro) for (name, members) in groups.items(): cloud.distro.create_group(name, members) for (user, config) in users.items(): |