User Management
Create and configure system users as part of a custom image.
Basic User
{
  "username": "deploy",
  "shell": "/bin/bash"
}

User With Groups
{
  "username": "admin",
  "shell": "/bin/bash",
  "groups": ["sudo", "docker", "adm"],
  "home": "/home/admin",
  "comment": "System administrator"
}

Configuration Options
| Option | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Login username |
| shell | string | No | Login shell |
| groups | array | No | Additional group memberships |
| home | string | No | Home directory path |
| comment | string | No | User description |
Common Groups
| Group | Purpose |
|---|---|
| sudo | Administrative privileges |
| docker | Docker access without sudo |
| adm | System log access |
| wheel | Alternative admin group on some distributions |
| kvm | KVM virtualization access when installed |
Natural Language Examples
- Create a user called deploy with sudo and Docker access.
- Create an appservice user with no login shell and a home directory at /opt/app.
- Create admin and auditor users. Admin should have sudo access; auditor should be read-only.

Password and Key Handling
For production images, prefer SSH keys, first-boot enrollment, or your existing identity tooling over baked-in passwords.
OpenFactory can verify user configuration with assertions such as:
{
  "type": "user_exists",
  "params": {
    "username": "deploy",
    "groups": ["docker"]
  }
}

Best Practices
- Grant the smallest set of groups required.
- Use service accounts for applications.
- Avoid shared administrator accounts.
- Use key-based SSH where possible.
- Document each user with the comment field.
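The practices above can be checked before an image is built. The following is an added example, not OpenFactory code: a pre-build audit of user definitions written with the options documented on this page. The function name, the enclosing JSON array, the approved-admin allowlist and the choice of which groups count as privileged are assumptions of the example.

```python
import json

# Option names from the page's Configuration Options table.
KNOWN_OPTIONS = {"username", "shell", "groups", "home", "comment"}
# Assumption of this example: these groups from the Common Groups table are
# treated as privileged (admin rights, or Docker access without sudo).
PRIVILEGED_GROUPS = {"sudo", "wheel", "docker"}


def audit_users(users, approved_admins=()):
    """Return (username, finding) tuples for a list of user definitions."""
    findings, seen = [], set()
    for user in users:
        name = user.get("username")
        if not isinstance(name, str) or not name:
            findings.append(("<unnamed>", "username is required"))
            continue
        if name in seen:
            findings.append((name, "duplicate user definition"))
        seen.add(name)
        # A misspelled key such as "group" would otherwise go unnoticed.
        for key in sorted(set(user) - KNOWN_OPTIONS):
            findings.append((name, f"unknown option: {key}"))
        groups = user.get("groups", [])
        if not isinstance(groups, list):
            findings.append((name, "groups must be an array"))
            groups = []
        risky = sorted(set(groups) & PRIVILEGED_GROUPS)
        if risky and name not in approved_admins:
            findings.append((name, "privileged groups need approval: " + ", ".join(risky)))
        if not user.get("comment"):
            findings.append((name, "missing comment"))
    return findings


# Constructed sample input; the enclosing JSON array is a hypothetical wrapper.
SAMPLE = json.loads("""
[
  {"username": "admin", "shell": "/bin/bash", "groups": ["sudo", "docker", "adm"],
   "home": "/home/admin", "comment": "System administrator"},
  {"username": "deploy", "shell": "/bin/bash", "groups": ["docker"]},
  {"username": "appservice", "shell": "/usr/sbin/nologin", "home": "/opt/app",
   "group": ["sudo"], "comment": "Application service account"}
]
""")

if __name__ == "__main__":
    for name, finding in audit_users(SAMPLE, approved_admins={"admin"}):
        print(f"{name}: {finding}")
```

Run against the sample, the audit reports deploy's unapproved docker membership and missing comment, and the misspelled group key on appservice.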