diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2019-09-19 19:17:30 +0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2019-09-19 19:17:30 +0200 |
| commit | b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30 (patch) | |
| tree | ee6367837650bb97dc5117d518217b11294900fe /nixos/doc/manual/configuration/user-mgmt.xml | |
| parent | db3d31b903da12bc471e91d811d231dfe5b662ef (diff) | |
| download | nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar.gz nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar.bz2 nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar.lz nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar.xz nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.tar.zst nixlib-b0ccd6dd16909c8639c2d9bee7dd2a2a0ac74c30.zip | |
Revert "nixos/doc: re-format"
This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new format is not an improvement.
Diffstat (limited to 'nixos/doc/manual/configuration/user-mgmt.xml')
| -rw-r--r-- | nixos/doc/manual/configuration/user-mgmt.xml | 53 |
1 files changed, 43 insertions, 10 deletions
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index db8323ec4d4f..4b1710f3a2b1 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -5,7 +5,10 @@ xml:id="sec-user-management"> <title>User Management</title> <para> - NixOS supports both declarative and imperative styles of user management. In the declarative style, users are specified in <filename>configuration.nix</filename>. For instance, the following states that a user account named <literal>alice</literal> shall exist: + NixOS supports both declarative and imperative styles of user management. In + the declarative style, users are specified in + <filename>configuration.nix</filename>. For instance, the following states + that a user account named <literal>alice</literal> shall exist: <programlisting> <xref linkend="opt-users.users"/>.alice = { <link linkend="opt-users.users._name__.isNormalUser">isNormalUser</link> = true; @@ -15,33 +18,60 @@ <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; </programlisting> - Note that <literal>alice</literal> is a member of the <literal>wheel</literal> and <literal>networkmanager</literal> groups, which allows her to use <command>sudo</command> to execute commands as <literal>root</literal> and to configure the network, respectively. Also note the SSH public key that allows remote logins with the corresponding private key. Users created in this way do not have a password by default, so they cannot log in via mechanisms that require a password. However, you can use the <command>passwd</command> program to set a password, which is retained across invocations of <command>nixos-rebuild</command>. + Note that <literal>alice</literal> is a member of the + <literal>wheel</literal> and <literal>networkmanager</literal> groups, which + allows her to use <command>sudo</command> to execute commands as + <literal>root</literal> and to configure the network, respectively. Also note + the SSH public key that allows remote logins with the corresponding private + key. Users created in this way do not have a password by default, so they + cannot log in via mechanisms that require a password. However, you can use + the <command>passwd</command> program to set a password, which is retained + across invocations of <command>nixos-rebuild</command>. </para> <para> - If you set <xref linkend="opt-users.mutableUsers"/> to false, then the contents of <literal>/etc/passwd</literal> and <literal>/etc/group</literal> will be congruent to your NixOS configuration. For instance, if you remove a user from <xref linkend="opt-users.users"/> and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. Passwords may still be assigned by setting the user's <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link> option. A hashed password can be generated using <command>mkpasswd -m sha-512</command> after installing the <literal>mkpasswd</literal> package. + If you set <xref linkend="opt-users.mutableUsers"/> to false, then the + contents of <literal>/etc/passwd</literal> and <literal>/etc/group</literal> + will be congruent to your NixOS configuration. For instance, if you remove a + user from <xref linkend="opt-users.users"/> and run nixos-rebuild, the user + account will cease to exist. Also, imperative commands for managing users and + groups, such as useradd, are no longer available. Passwords may still be + assigned by setting the user's + <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link> + option. A hashed password can be generated using <command>mkpasswd -m + sha-512</command> after installing the <literal>mkpasswd</literal> package. </para> <para> - A user ID (uid) is assigned automatically. You can also specify a uid manually by adding + A user ID (uid) is assigned automatically. You can also specify a uid + manually by adding <programlisting> uid = 1000; </programlisting> to the user specification. </para> <para> - Groups can be specified similarly. The following states that a group named <literal>students</literal> shall exist: + Groups can be specified similarly. The following states that a group named + <literal>students</literal> shall exist: <programlisting> <xref linkend="opt-users.groups"/>.students.gid = 1000; </programlisting> - As with users, the group ID (gid) is optional and will be assigned automatically if it’s missing. + As with users, the group ID (gid) is optional and will be assigned + automatically if it’s missing. </para> <para> - In the imperative style, users and groups are managed by commands such as <command>useradd</command>, <command>groupmod</command> and so on. For instance, to create a user account named <literal>alice</literal>: + In the imperative style, users and groups are managed by commands such as + <command>useradd</command>, <command>groupmod</command> and so on. For + instance, to create a user account named <literal>alice</literal>: <screen> # useradd -m alice</screen> - To make all nix tools available to this new user use `su - USER` which opens a login shell (==shell that loads the profile) for given user. This will create the ~/.nix-defexpr symlink. So run: + To make all nix tools available to this new user use `su - USER` which opens + a login shell (==shell that loads the profile) for given user. This will + create the ~/.nix-defexpr symlink. So run: <screen> # su - alice -c "true"</screen> - The flag <option>-m</option> causes the creation of a home directory for the new user, which is generally what you want. The user does not have an initial password and therefore cannot log in. A password can be set using the <command>passwd</command> utility: + The flag <option>-m</option> causes the creation of a home directory for the + new user, which is generally what you want. The user does not have an initial + password and therefore cannot log in. A password can be set using the + <command>passwd</command> utility: <screen> # passwd alice Enter new UNIX password: *** @@ -50,6 +80,9 @@ Retype new UNIX password: *** A user can be deleted using <command>userdel</command>: <screen> # userdel -r alice</screen> - The flag <option>-r</option> deletes the user’s home directory. Accounts can be modified using <command>usermod</command>. Unix groups can be managed using <command>groupadd</command>, <command>groupmod</command> and <command>groupdel</command>. + The flag <option>-r</option> deletes the user’s home directory. Accounts + can be modified using <command>usermod</command>. Unix groups can be managed + using <command>groupadd</command>, <command>groupmod</command> and + <command>groupdel</command>. </para> </chapter> |