feat(users): Add support for creating/modifying users
@@ -13,6 +13,40 @@ Provided public SSH keys will be authorized for the `core` user.
|
||||
The keys will be named "coreos-cloudinit" by default.
|
||||
Override this with the `--ssh-key-name` flag when calling `coreos-cloudinit`.
|
||||
|
||||
#### users
|
||||
|
||||
Add or modify users with the `users` directive by providing a list of user objects, each consisting of the following fields.
|
||||
Each field is optional and of type string unless otherwise noted.
|
||||
All but the `passwd` and `ssh-authorized-keys` fields will be ignored if the user already exists.
|
||||
|
||||
- **name**: Required. Login name of user
|
||||
- **gecos**: GECOS comment of user
|
||||
- **passwd**: Hash of the password to use for this user
|
||||
- **homedir**: User's home directory. Defaults to /home/<name>
|
||||
- **no-create-home**: Boolean. Skip home directory createion.
|
||||
- **primary-group**: Default group for the user. Defaults to a new group created named after the user.
|
||||
- **groups**: Add user to these additional groups
|
||||
- **no-user-group**: Boolean. Skip default group creation.
|
||||
- **ssh-authorized-keys**: List of public SSH keys to authorize for this user
|
||||
- **system**: Create the user as a system user. No home directory will be created.
|
||||
- **no-log-init**: Boolean. Skip initialization of lastlog and faillog databases.
|
||||
|
||||
The following fields are not yet implemented:
|
||||
|
||||
- **inactive**: Deactivate the user upon creation
|
||||
- **lock-passwd**: Boolean. Disable password login for user
|
||||
- **sudo**: Entry to add to /etc/sudoers for user. By default, no sudo access is authorized.
|
||||
- **selinux-user**: Corresponding SELinux user
|
||||
- **ssh-import-id**: Import SSH keys by ID from Launchpad.
|
||||
|
||||
##### Generating a password hash
|
||||
|
||||
You can generate a safe hash via:
|
||||
|
||||
mkpasswd --method=SHA-512 --rounds=4096
|
||||
|
||||
Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed.
|
||||
|
||||
## Custom cloud-config Parameters
|
||||
|
||||
### coreos.etcd.discovery_url
|
||||
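Review bot: The "not yet implemented" list includes `lock-passwd` and `sudo`, but the text does not say what happens when a cloud-config sets them. An operator who writes `lock-passwd: true` will assume password login is disabled when it is not, so state explicitly that these fields are ignored for now (or make the tool log a warning). Related wording points in the same hunk: "createion" in the `no-create-home` entry should read "creation"; `system` is the only flag-style field not marked "Boolean."; and the sentence after the `mkpasswd` command would be more accurate if it said that more rounds raise the cost of guessing the password from the hash rather than that hashes "can be reversed". It is also worth documenting whether `ssh-authorized-keys` replaces or appends to the keys of an existing user, since that field is applied even when the user already exists.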
@@ -80,3 +114,18 @@ coreos:
|
||||
[Install]
|
||||
WantedBy=local.target
|
||||
```
|
||||
|
||||
### Add a user
|
||||
|
||||
```
|
||||
#cloud-config
|
||||
|
||||
users:
|
||||
- name: elroy
|
||||
passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5yYv6mTlWfOoCYHZmfi3LDKVltj.E8XNKEcwWm...
|
||||
groups:
|
||||
- staff
|
||||
- docker
|
||||
ssh-authorized-keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h...
|
||||
```
|
||||
|
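Review bot: The "Add a user" example puts `elroy` in the `docker` group without comment; membership in that group is effectively root on the host, so the example should either drop it or carry a one-line note saying so, because readers tend to copy examples verbatim. The example also sets `passwd` and `ssh-authorized-keys` together. Since cloud-config is usually handed to the machine as user data, consider showing key-only login as the default case and presenting `passwd` as optional, and mark the truncated `$6$...` and `ssh-rsa ...` values as placeholders so nobody pastes them as-is.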