܍~ck lUdZddlmZddlmZddlmZddlmZddl m Z ddl m Z m Z ddlmZdd lmZd Zd d d edgededededededgegdZe ed<e eZejeZdZdZdede dedededdf d ZdS)!z,Users and Groups: Configure users and groups)Logger)dedent)log)Cloud)Config) MetaSchema get_meta_doc)ug_util) PER_INSTANCEaThis module configures users and groups. For more detailed information on user options, see the :ref:`Including users and groups` config example. Groups to add to the system can be specified under the ``groups`` key as a string of comma-separated groups to create, or a list. Each item in the list should either contain a string of a single group to create, or a dictionary with the group name as the key and string of a single user as a member of that group or a list of users who should be members of the group. .. note:: Groups are added before users, so any users in a group list must already exist on the system. Users to add can be specified as a string or list under the ``users`` key. Each entry in the list should either be a string or a dictionary. If a string is specified, that string can be comma-separated usernames to create or the reserved string ``default`` which represents the primary admin user used to access the system. The ``default`` user varies per distribution and is generally configured in ``/etc/cloud/cloud.cfg`` by the ``default_user`` key. Each ``users`` dictionary item must contain either a ``name`` or ``snapuser`` key, otherwise it will be ignored. Omission of ``default`` as the first item in the ``users`` list skips creation the default user. If no ``users`` key is provided the default behavior is to create the default user via this config:: users: - default .. note:: Specifying a hash of a user's password with ``passwd`` is a security risk if the cloud-config can be intercepted. SSH authentication is preferred. .. note:: If specifying a sudo rule for a user, ensure that the syntax for the rule is valid, as it is not checked by cloud-init. .. note:: Most of these configuration options will not be honored if the user already exists. The following options are the exceptions; they are applied to already-existing users: ``plain_text_passwd``, ``hashed_passwd``, ``lock_passwd``, ``sudo``, ``ssh_authorized_keys``, ``ssh_redirect_user``. The ``user`` key can be used to override the ``default_user`` configuration defined in ``/etc/cloud/cloud.cfg``. The ``user`` value should be a dictionary which supports the same config keys as the ``users`` dictionary items. cc_users_groupszUsers and GroupszConfigure users and groupsallz # Add the ``default_user`` from /etc/cloud/cloud.cfg. # This is also the default behavior of cloud-init when no `users` key # is provided. users: - default z # Add the 'admingroup' with members 'root' and 'sys' and an empty # group cloud-users. groups: - admingroup: [root,sys] - cloud-users a9 # Skip creation of the user and only create newsuper. # Password-based login is rejected, but the github user TheRealFalcon # and the launchpad user falcojr can SSH as newsuper. The default # shell for newsuper is bash instead of system default. users: - name: newsuper gecos: Big Stuff groups: users, admin sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash lock_passwd: true ssh_import_id: - lp:falcojr - gh:TheRealFalcon a+ # On a system with SELinux enabled, add youruser and set the # SELinux user to 'staff_u'. When omitted on SELinux, the system will # select the configured default SELinux user. users: - default - name: youruser selinux_user: staff_u am # To redirect a legacy username to the user for a # distribution, ssh_redirect_user will accept an SSH connection and # emit a message telling the client to ssh as the user. # SSH clients will get the message: users: - default - name: nosshlogins ssh_redirect_user: true aW # Override any ``default_user`` config in /etc/cloud/cloud.cfg with # supplemental config options. # This config will make the default user to mynewdefault and change # the user to not have sudo rights. ssh_import_id: [chad.smith] user: name: mynewdefault sudo: null )idnametitle descriptiondistrosexamples frequencyactivate_by_schema_keysmeta)no_create_homesystem)ssh_authorized_keys ssh_import_idssh_redirect_userrcfgcloudrargsreturnNc tj||j\}}tj|\}}|pg} |D] \}} |j|| !|D]\} fdtD} fdtD} | r@| r>td| dd | dd |  dd}|r]d vsd vrtd | z|d vrtd| d |d|t d|| n |d<| d<|jj| fidS)Nc>g|]}||Sget.0keyconfigs B/usr/lib/python3/dist-packages/cloudinit/config/cc_users_groups.py zhandle..s(===3VZZ__=3===c>g|]}||Sr"r#r%s r)r*zhandle..s(AAASCASAAAr+zNot creating user z . Key(s) z, z cannot be provided with rFrrzdNot creating user %s. ssh_redirect_user cannot be provided with ssh_import_id or ssh_authorized_keys)Tdefaultz&. Invalid value of ssh_redirect_user: z*. Expected values: true, default or false.zzIgnoring ssh_redirect_user: %s for %s. No default_user defined. Perhaps missing cloud configuration users: [default, ..].cloud_public_ssh_keys)r normalize_users_groupsdistroextract_defaultget_public_ssh_keysitems create_groupNO_HOME NEED_HOME ValueErrorjoinpopLOGwarning create_user)rrrrrusersgroups default_user _user_config cloud_keysmembersuserno_home need_homerr(s @r)handlerFs54S%,GGOUF#*#:5#A#A \<**,,2J!<<>>11w !!$0000++--%1%1v===='===AAAAIAAA  y ATAADIIi4H4HAA,0IIg,>,>AA  #JJ':EBB  =$../V2K2K J !(999 j%)DD*;*;*;= # && /;*+2<./   000000K%1%1r+)__doc__loggingrtextwrapr cloudinitrcloudinit.cloudrcloudinit.configrcloudinit.config.schemarr cloudinit.distrosr cloudinit.settingsr MODULE_DESCRIPTIONr__annotations__ getLogger__name__r:r5r6strlistrFr"r+r)rVs/..$$$$$$!!!!!! $#####<<<<<<<<%%%%%%++++++/d   )%w           $         yHR!aQQjQQQf ,t  g!! ' I /1 /1/1#(/1/5/1=A/1 /1/1/1/1/1/1r+