Users and Groups
----------------
**Summary:** configure users and groups

This module configures users and groups. For more detailed information on user
options, see the ``Including users and groups`` config example.

Groups to add to the system can be specified as a list under the ``groups``
key. Each entry in the list should contain either the group name as a string,
or a dictionary with the group name as the key and a list of users who should
be members of the group as the value. **Note**: Groups are added before users,
so any users in a group list must already exist on the system.

The ``users`` config key takes a list of users to configure. The first entry in
this list is used as the default user for the system. To preserve the standard
default user for the distro, the string ``default`` may be used as the first
entry of the ``users`` list. Each entry in the ``users`` list, other than a
``default`` entry, should be a dictionary of options for the user. Supported
config keys for an entry in ``users`` are as follows:

- ``name``: The user's login name
- ``expiredate``: Optional. Date on which the user's login will be disabled.
  Default: none
- ``gecos``: Optional. Comment about the user, usually a comma-separated
  string of real name and contact information. Default: none
- ``groups``: Optional. Additional groups to add the user to. Default: none
- ``homedir``: Optional. Home dir for user. Default is ``/home/``
- ``inactive``: Optional. Mark user inactive. Default: false
- ``lock_passwd``: Optional. Disable password login. Default: true
- ``no_create_home``: Optional. Do not create home directory. Default: false
- ``no_log_init``: Optional. Do not initialize lastlog and faillog for user.
  Default: false
- ``no_user_group``: Optional. Do not create group named after user.
  Default: false
- ``passwd``: Hash of user password
- ``primary_group``: Optional. Primary group for user. Default to new group
  named after user.
- ``selinux_user``: Optional. SELinux user for user's login. Default to
  default SELinux user.
- ``shell``: Optional. The user's login shell. The default is to set no shell,
  which results in a system-specific default being used.
- ``snapuser``: Optional. Specify an email address to create the user as a
  Snappy user through ``snap create-user``. If an Ubuntu SSO account is
  associated with the address, username and SSH keys will be requested from
  there. Default: none
- ``ssh_authorized_keys``: Optional. List of SSH keys to add to user's
  authkeys file. Default: none. This key cannot be combined with
  ``ssh_redirect_user``.
- ``ssh_import_id``: Optional. SSH id to import for user. Default: none.
  This key cannot be combined with ``ssh_redirect_user``.
- ``ssh_redirect_user``: Optional. Boolean set to true to disable SSH logins
  for this user. When specified, all cloud meta-data public SSH keys will be
  set up in a disabled state for this username. Any SSH login as this username
  will time out and prompt with a message to log in instead as the configured
  for this instance. Default: false. This key cannot be combined with
  ``ssh_import_id`` or ``ssh_authorized_keys``.
- ``sudo``: Optional. Sudo rule to use, list of sudo rules to use or False.
  Default: none. An absence of sudo key, or a value of none or false will
  result in no sudo rules being written for the user.
- ``system``: Optional. Create user as system user with no home directory.
  Default: false
- ``uid``: Optional. The user's ID. Default: The next available value.

.. note::
    Specifying a hash of a user's password with ``passwd`` is a security risk
    if the cloud-config can be intercepted. SSH authentication is preferred.

.. note::
    If specifying a sudo rule for a user, ensure that the syntax for the rule
    is valid, as it is not checked by cloud-init.

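A pre-flight check for the constraints listed above, as an added example that is not part of cloud-init: it flags ``ssh_redirect_user`` combined with an SSH key option, a ``passwd`` hash, an explicit ``lock_passwd: false``, and ``sudo`` values that do not have the shape of a sudoers rule. The ``audit_users`` function, the regex and the sample entries are assumptions made for illustration, and the ``users`` list is assumed to be already parsed from YAML.

```python
import re

SSH_KEY_OPTS = ("ssh_authorized_keys", "ssh_import_id")
# Loose shape check only ("<hosts>=(<runas>) <commands>"); visudo is the real validator.
SUDO_RULE_RE = re.compile(r"^\S+\s*=\s*(\([^()\n]*\)\s*)?\S[^\n]*$")


def audit_users(users):
    """Return (user, key, message) findings for a parsed ``users`` list."""
    findings = []
    for entry in users:
        if not isinstance(entry, dict):  # e.g. the literal string "default"
            continue
        name = entry.get("name", "<unnamed>")
        # ssh_redirect_user cannot be combined with either SSH key option.
        if entry.get("ssh_redirect_user"):
            for opt in SSH_KEY_OPTS:
                if opt in entry:
                    findings.append((name, opt, "cannot be combined with ssh_redirect_user"))
        # A password hash in user-data is exposed to anyone who can read it.
        if entry.get("passwd"):
            findings.append((name, "passwd", "hash travels in the cloud-config; prefer SSH keys"))
        # Password login is disabled by default; flag an explicit opt-out.
        if entry.get("lock_passwd") is False:
            findings.append((name, "lock_passwd", "password login enabled"))
        # cloud-init does not check sudo rules, so check their shape here.
        sudo = entry.get("sudo")
        rules = [sudo] if isinstance(sudo, str) else sudo if isinstance(sudo, list) else []
        if sudo not in (None, False) and not rules:
            findings.append((name, "sudo", "must be a rule, a list of rules, or false"))
        for rule in rules:
            if not isinstance(rule, str) or not SUDO_RULE_RE.match(rule.strip()):
                findings.append((name, "sudo", "does not look like a sudoers rule: %r" % (rule,)))
    return findings


# Constructed sample, already parsed from YAML into Python objects.
SAMPLE_USERS = [
    "default",
    {"name": "deploy", "ssh_authorized_keys": ["ssh-ed25519 AAAA...constructed"],
     "sudo": "ALL=(ALL) NOPASSWD:/usr/bin/systemctl"},
    {"name": "legacy", "passwd": "$6$constructed$hash", "lock_passwd": False,
     "sudo": "ALL NOPASSWD ALL"},
    {"name": "ops", "ssh_redirect_user": True, "ssh_import_id": ["gh:example"]},
]

if __name__ == "__main__":
    for user, key, message in audit_users(SAMPLE_USERS):
        print("%s.%s: %s" % (user, key, message))
```

A rule that passes this shape check can still be invalid sudoers syntax; running ``visudo -c`` against the generated file on a test instance remains the authoritative check.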

**Internal name:** ``cc_users_groups``

**Module frequency:** per instance

**Supported distros:** all

**Config keys**::

    groups:
        - : [, ]
        -

    users:
        - default
        # User explicitly omitted from sudo permission; also default behavior.
        - name:
          sudo: false
        - name:
          expiredate:
          gecos:
          groups:
          homedir:
          inactive:
          lock_passwd:
          no_create_home:
          no_log_init:
          no_user_group:
          passwd:
          primary_group:
          selinux_user:
          shell:
          snapuser:
          ssh_redirect_user:
          ssh_authorized_keys:
              -
              -
          ssh_import_id:
          sudo:
          system:
          uid: