Configuring groups and users¶

Configure security and isolation for your image by granting role-based access to the QM and root partitions or specific directories within those partitions. You can view a complete example manifest for user and group configuration in the demos/users/users.aib.yml file.

Prerequisites

A custom manifest file, such as the manifest file that you created in Embedding RPM packages in the AutoSD image.

Procedure

To configure groups and users for your OS image, add the following stages to your custom image manifest.

content: Creates user directories.
groups: Creates group accounts with configurable group IDs (gid).
users: Adds or modifies user accounts with configurable user IDs (uid).

Optional: Create directories for users if they don’t already exist:

automotive image builder manifest

content:
  make_dirs:
    - path: /var/guest
      mode: 0755
      parents: true

Create groups for your users. In this example, create two groups called guest and foo:
automotive image builder manifest
```
auth
  groups:
    guest:
      gid: 2000
    foo:
      gid: 2042
```

Create users. In this example, create and assign the guest user to the guest group, with a preconfigured password and custom home directory. Create and assign the foo user to the foo group, and prevent login:

automotive image builder manifest

  users:
    guest:
        # "password"
        password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU.
        gid: 2000
        uid: 2000
        home: /var/guest
    foo:
        gid: 2042
        uid: 2042
        shell: /sbin/nologin

Next steps

Build your image
Continue customizing your image

For more information about these stages, see the automotive-image-builder parameter schema.