Users and groups¶
This example demonstrates how to declaratively manage users and groups with System Manager.
Configuration¶
system.nix¶
User types¶
System Manager distinguishes between two types of users, and exactly one must be specified.
Normal users are interactive accounts for people logging into the system.
Setting isNormalUser = true automatically configures sensible defaults: a home directory at /home/<username>, membership in the users group, and the default shell.
System users are non-interactive accounts for running services.
Setting isSystemUser = true creates an account with a UID below 1000 and no login shell by default.
System users require an explicit group setting.
Password options¶
Several options control user passwords.
For systems where users.mutableUsers = true (the default), use initialPassword or initialHashedPassword to set a password only when the user is first created.
Users can then change their password with passwd.
For immutable configurations where users.mutableUsers = false, use hashedPassword or hashedPasswordFile to enforce a specific password on every activation.
Generate a hashed password with mkpasswd:
Advanced example¶
This configuration shows additional options for user management:
What this configuration does¶
- Creates user accounts in
/etc/passwdand/etc/shadow - Creates groups in
/etc/group - Sets up home directories when
createHome = true - Manages subordinate UID/GID ranges in
/etc/subuidand/etc/subgidfor container support - Preserves existing passwords and UIDs when
mutableUsers = true