User Management

Create and configure system users as part of a custom image.

Basic User

{ "username": "deploy", "shell": "/bin/bash" }

User With Groups

{ "username": "admin", "shell": "/bin/bash", "groups": ["sudo", "docker", "adm"], "home": "/home/admin", "comment": "System administrator" }

Configuration Options

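| Option | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | Yes | Login username |
| shell | string | No | Login shell |
| groups | array | No | Additional group memberships |
| home | string | No | Home directory path |
| comment | string | No | User description |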

Common Groups

| Group | Purpose |
| --- | --- |
| sudo | Administrative privileges |
| docker | Docker access without sudo |
| adm | System log access |
| wheel | Alternative admin group on some distributions |
| kvm | KVM virtualization access when installed |

Natural Language Examples

Create a user called deploy with sudo and Docker access.
Create an appservice user with no login shell and a home directory at /opt/app.
Create admin and auditor users. Admin should have sudo access; auditor should be read-only.

Password and Key Handling

For production images, prefer SSH keys, first-boot enrollment, or your existing identity tooling over baked-in passwords.

OpenFactory can verify user configuration with assertions such as:

{ "type": "user_exists", "params": { "username": "deploy", "groups": ["docker"] } }

Best Practices

  1. Grant the smallest set of groups required.
  2. Use service accounts for applications.
  3. Avoid shared administrator accounts.
  4. Use key-based SSH where possible.
  5. Document each user with the comment field.
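
The following is an added example, not OpenFactory code: a pre-build review of user definitions against the practices above, which also builds a matching user_exists assertion for each user. The privileged-group set, the finding wording and the password key in the constructed sample are assumptions made for illustration.

```python
import json

# Groups from the "Common Groups" table that grant administrative access.
# docker is included because members can drive the root-owned Docker daemon.
PRIVILEGED_GROUPS = {"sudo", "wheel", "docker"}
REQUIRED, OPTIONAL = {"username"}, {"shell", "groups", "home", "comment"}


def lint_user(user):
    """Return review findings for one user definition."""
    name = user.get("username")
    if not isinstance(name, str) or not name:
        return ["<unnamed>: missing required option 'username'"]
    findings = []
    for key in sorted(set(user) - REQUIRED - OPTIONAL):
        findings.append(f"{name}: option '{key}' is not in the documented table")
    privileged = sorted(PRIVILEGED_GROUPS & set(user.get("groups", [])))
    if privileged:
        findings.append(f"{name}: privileged groups {', '.join(privileged)}")
    if not user.get("comment"):
        findings.append(f"{name}: no comment documenting the account")
    return findings


def user_assertion(user):
    """Build a user_exists assertion in the shape shown on the page."""
    params = {"username": user["username"]}
    if user.get("groups"):
        params["groups"] = list(user["groups"])
    return {"type": "user_exists", "params": params}


# Constructed sample: the page's two example users plus a hypothetical "ci"
# user carrying a "password" key, which the options table does not document.
SAMPLE_USERS = json.loads("""
[
  {"username": "deploy", "shell": "/bin/bash"},
  {"username": "admin", "shell": "/bin/bash", "groups": ["sudo", "docker", "adm"],
   "home": "/home/admin", "comment": "System administrator"},
  {"username": "ci", "groups": ["docker"], "password": "constructed-placeholder"}
]
""")

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        for finding in lint_user(user):
            print("REVIEW", finding)
        print(json.dumps(user_assertion(user)))
```

Each finding is a prompt for a reviewer to confirm the grant is needed, not a build failure; the generated assertions can be compared with the ones already defined for the image.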