Skip to content

Configuring groups and users

Configure security and isolation for your image by granting role-based access to the QM and ASIL partitions or specific directories within those partitions. You can view a complete example manifest for user and group configuration in the demos/users/users.aib.yml file.

Prerequisites

Procedure

To configure groups and users for your OS image, add the following stages to your custom image manifest.

content
Creates user directories.
groups
Creates group accounts with configurable group IDs (gid).
users
Adds or modifies user accounts with configurable user IDs (uid).
  1. Optional: Create directories for users if they don’t already exist:

    automotive image builder manifest
    content:
      make_dirs:
        - path: /var/guest
          mode: 0755
          parents: true
    
  2. Create groups for your users. In this example, create two groups called guest and foo:

    automotive image builder manifest
    auth
      groups:
        guest:
          gid: 2000
        foo:
          gid: 2042
    
  3. Create users. In this example, create and assign the guest user to the guest group, with a preconfigured password and custom home directory. Create and assign the foo user to the foo group, and prevent login:

    automotive image builder manifest
      users:
        guest:
            # "password"
            password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU.
            gid: 2000
            uid: 2000
            home: /var/guest
        foo:
            gid: 2042
            uid: 2042
            shell: /sbin/nologin
    

Next steps

  • Build your image
  • Continue customizing your image

For more information about these stages, see the automotive-image-builder parameter schema.


© Red Hat