author | Graham Christensen <graham@grahamc.com> | 2018-05-01 19:57:09 -0400 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2018-05-01 19:57:09 -0400 |
commit | eca5c99bf8a115ffd9513f91decc064a5bb3ff6d (patch) | |
tree | 7b49bc123be12ca5344428c6975e4487e69d55e3 /nixos/doc/manual/configuration/user-mgmt.xml | |
parent | 77161de4546697f9bf2da6d081eeba4c399b3313 (diff) | |
nixos docs: format =)
Diffstat (limited to 'nixos/doc/manual/configuration/user-mgmt.xml')
-rw-r--r-- | nixos/doc/manual/configuration/user-mgmt.xml | 124 |
1 files changed, 56 insertions, 68 deletions
diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index 1456a5894119..66c1c6eb3a11 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -3,14 +3,12 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-user-management"> - -<title>User Management</title> - -<para>NixOS supports both declarative and imperative styles of user -management. In the declarative style, users are specified in -<filename>configuration.nix</filename>. For instance, the following -states that a user account named <literal>alice</literal> shall exist: - + <title>User Management</title> + <para> + NixOS supports both declarative and imperative styles of user management. In + the declarative style, users are specified in + <filename>configuration.nix</filename>. For instance, the following states + that a user account named <literal>alice</literal> shall exist: <programlisting> <xref linkend="opt-users.users"/>.alice = { <link linkend="opt-users.users._name__.isNormalUser">isNormalUser</link> = true; 
@@ -20,81 +18,71 @@ states that a user account named <literal>alice</literal> shall exist: <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; }; </programlisting> - -Note that <literal>alice</literal> is a member of the -<literal>wheel</literal> and <literal>networkmanager</literal> groups, -which allows her to use <command>sudo</command> to execute commands as -<literal>root</literal> and to configure the network, respectively. -Also note the SSH public key that allows remote logins with the -corresponding private key. Users created in this way do not have a -password by default, so they cannot log in via mechanisms that require -a password. However, you can use the <command>passwd</command> program -to set a password, which is retained across invocations of -<command>nixos-rebuild</command>.</para> - -<para>If you set <xref linkend="opt-users.mutableUsers"/> to false, then the contents of -<literal>/etc/passwd</literal> and <literal>/etc/group</literal> will be congruent to -your NixOS configuration. For instance, if you remove a user from <xref linkend="opt-users.users"/> -and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users -and groups, such as useradd, are no longer available. Passwords may still be -assigned by setting the user's <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link> -option. A hashed password can be generated using <command>mkpasswd -m sha-512</command> -after installing the <literal>mkpasswd</literal> package.</para> - -<para>A user ID (uid) is assigned automatically. 
You can also specify -a uid manually by adding - + Note that <literal>alice</literal> is a member of the + <literal>wheel</literal> and <literal>networkmanager</literal> groups, which + allows her to use <command>sudo</command> to execute commands as + <literal>root</literal> and to configure the network, respectively. Also note + the SSH public key that allows remote logins with the corresponding private + key. Users created in this way do not have a password by default, so they + cannot log in via mechanisms that require a password. However, you can use + the <command>passwd</command> program to set a password, which is retained + across invocations of <command>nixos-rebuild</command>. + </para> + <para> + If you set <xref linkend="opt-users.mutableUsers"/> to false, then the + contents of <literal>/etc/passwd</literal> and <literal>/etc/group</literal> + will be congruent to your NixOS configuration. For instance, if you remove a + user from <xref linkend="opt-users.users"/> and run nixos-rebuild, the user + account will cease to exist. Also, imperative commands for managing users and + groups, such as useradd, are no longer available. Passwords may still be + assigned by setting the user's + <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link> + option. A hashed password can be generated using <command>mkpasswd -m + sha-512</command> after installing the <literal>mkpasswd</literal> package. + </para> + <para> + A user ID (uid) is assigned automatically. You can also specify a uid + manually by adding <programlisting> uid = 1000; </programlisting> - -to the user specification.</para> - -<para>Groups can be specified similarly. The following states that a -group named <literal>students</literal> shall exist: - + to the user specification. + </para> + <para> + Groups can be specified similarly. 
The following states that a group named + <literal>students</literal> shall exist: <programlisting> <xref linkend="opt-users.groups"/>.students.gid = 1000; </programlisting> - -As with users, the group ID (gid) is optional and will be assigned -automatically if it’s missing.</para> - -<para>In the imperative style, users and groups are managed by -commands such as <command>useradd</command>, -<command>groupmod</command> and so on. For instance, to create a user -account named <literal>alice</literal>: - + As with users, the group ID (gid) is optional and will be assigned + automatically if it’s missing. + </para> + <para> + In the imperative style, users and groups are managed by commands such as + <command>useradd</command>, <command>groupmod</command> and so on. For + instance, to create a user account named <literal>alice</literal>: <screen> # useradd -m alice</screen> - -To make all nix tools available to this new user use `su - USER` which -opens a login shell (==shell that loads the profile) for given user. -This will create the ~/.nix-defexpr symlink. So run: - + To make all nix tools available to this new user use `su - USER` which opens + a login shell (==shell that loads the profile) for given user. This will + create the ~/.nix-defexpr symlink. So run: <screen> # su - alice -c "true"</screen> - - -The flag <option>-m</option> causes the creation of a home directory -for the new user, which is generally what you want. The user does not -have an initial password and therefore cannot log in. A password can -be set using the <command>passwd</command> utility: - + The flag <option>-m</option> causes the creation of a home directory for the + new user, which is generally what you want. The user does not have an initial + password and therefore cannot log in. 
A password can be set using the + <command>passwd</command> utility: <screen> # passwd alice Enter new UNIX password: *** Retype new UNIX password: *** </screen> - -A user can be deleted using <command>userdel</command>: - + A user can be deleted using <command>userdel</command>: <screen> # userdel -r alice</screen> - -The flag <option>-r</option> deletes the user’s home directory. -Accounts can be modified using <command>usermod</command>. Unix -groups can be managed using <command>groupadd</command>, -<command>groupmod</command> and <command>groupdel</command>.</para> - + The flag <option>-r</option> deletes the user’s home directory. Accounts + can be modified using <command>usermod</command>. Unix groups can be managed + using <command>groupadd</command>, <command>groupmod</command> and + <command>groupdel</command>. + </para> </chapter> |