Users

The platform provides full user management for Linux systems. Users can be automatically added or removed through the state-based configuration engine, either fleet-wide or at a more granular level such as on a group or single device.

This means that a user that is created with the attribute "add" will always be created. The agent is watching every run that this user is present on the system. Likewise, if a user is flagged as "remove" it will always be removed, even if it is recreated locally.

Creating a user also creates a user directory, while deleting a user deletes the directory.

The password for users can be set in the security tab under "passwords".

Predefined test or support users with standard passwords are often present in standard embedded Linux gateways, which poses a significant security risk. With this function it is possible to securely delete these users on newly inserted devices to prevent this threat.

New user and new password

Note that when adding a new user and assigning a password during the same commit, it takes two runs of the agent to converge and set the password. Also, if a user is deleted, their home directory will also be deleted without warning, so standard users like "pi" for a Raspberry Pi should be added if user management is enabled.