Michał Fita

Reputation: 1319

Use `cloud-init` to add default user to extra groups

I'm trying to add extra groups to the default user from a cloud-init user-data script, but none of the below works.


```yaml
groups:
- audio: [ubuntu]
- video: [ubuntu]
- plugdev: [ubuntu]
- i2c: [ubuntu]
```

complains the user ubuntu doesn't exist... meaning this module fires up before the default user is created.


```yaml
users:
- default
  groups: audio, video, plugdev, i2c
```

Fails with:

```
2024-12-03 19:10:01,672 - util.py[WARNING]: Failed loading yaml blob. Invalid format at line 70 column 9: "mapping values are not allowed here
  in "<unicode string>", line 70, column 9:
      groups: audio, video, plugdev, i2c
            ^"
```

and the default user is left w/o password.


The second one is illogical to me, as ideally I don't want to make assumptions about the default username in the system, but still have that user in the extra groups.

Upvotes: 0

Views: 39

Answers (1)

falcojr

Reputation: 1444

Try:

```yaml
#cloud-config
users:
- name: ubuntu
  groups: [audio, video, plugdev, i2c]
```

You are correct about groups getting created first. From the documentation:

> Groups are added before users, so any users in a group list must already exist on the system

Regarding the default user:

> If a string is specified, that string can be comma-separated usernames to create, or the reserved string `default` which represents the primary admin user used to access the system.

This means that `- default` is a string and can't be treated as a dictionary with keys underneath it. Providing `- default` means "use the default configuration as defined in `/etc/cloud/cloud.cfg`". Looking at an Ubuntu instance, `/etc/cloud/cloud.cfg` shows:

```yaml
  default_user:
    name: ubuntu
    lock_passwd: True
    gecos: Ubuntu
    groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, video]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
```

Excluding `- default` means, "I will define the default user myself". This can be done as I demonstrated above.

> the default user is left w/o password

This is by design as cloud instances use key-based login via SSH by default. To provide a password, use one of the `passwd`, `hashed_passwd`, or `plain_text_passwd` options to your user definition (and be aware of the security implications).

Upvotes: 0
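
An added example, not part of the answer above and not cloud-init's own code: a pre-flight check that applies the two points from this thread to a parsed cloud-config, namely that top-level `groups` are processed before `users`, and that password options deserve a second look. The function names, the severity labels, and the rule that a document without a `users` key creates only the default user are assumptions of this example; the sample inputs are constructed from the snippets in the question and the answer.

```python
def load_user_data(path):
    """Parse a user-data file. PyYAML (third-party) is imported lazily."""
    import yaml
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


def check_cloud_config(cfg, default_user="ubuntu"):
    """Return (level, message) findings for a parsed #cloud-config mapping."""
    findings = []
    # Assumption: with no `users` key, only the default user gets created.
    users = cfg.get("users", ["default"])
    if isinstance(users, (str, dict)):
        users = [users]
    created = set()  # accounts cloud-init creates, so absent at group time
    for entry in users:
        if not isinstance(entry, dict):
            names = entry.split(",") if isinstance(entry, str) else entry
            for name in (n.strip() for n in names):
                created.add(default_user if name == "default" else name)
            continue
        name = entry.get("name", "<unnamed>")
        created.add(name)
        if "plain_text_passwd" in entry:
            findings.append(("high", f"{name}: cleartext password in user-data"))
        if entry.get("lock_passwd") is False:
            findings.append(("warn", f"{name}: password login is unlocked"))
    for group in cfg.get("groups", []):
        # A group is a bare name or a one-key mapping {name: [members]}.
        mapping = group if isinstance(group, dict) else {group: []}
        for gname, members in mapping.items():
            if isinstance(members, str):
                members = [members]
            for member in members or []:
                if member in created:
                    findings.append(
                        ("error", f"group {gname}: user {member} does not exist yet"))
    return findings


# Constructed inputs: the question's first attempt and the answer's form,
# written as yaml.safe_load would return them.
QUESTION_CFG = {"groups": [{"audio": ["ubuntu"]}, {"video": ["ubuntu"]},
                           {"plugdev": ["ubuntu"]}, {"i2c": ["ubuntu"]}]}
ANSWER_CFG = {"users": [{"name": "ubuntu",
                         "groups": ["audio", "video", "plugdev", "i2c"]}]}

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(label, check_cloud_config(cfg))
```

Pass the image's actual default username as `default_user` when it is not `ubuntu`; a file that fails to parse, like the question's second attempt, raises in `load_user_data` before any check runs.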
