Variable definitions for device user account configuration. Declares user account settings: username, password, UID, GID, sudo access, and supplementary group membership.
Declares (prefix: device):
| Variable | Description | Default | Validation | Policy |
|---|---|---|---|---|
IGconf_device_user1 |
A user account with this name will be created on the device. |
pi
|
Non-empty string value | immediate |
IGconf_device_user1pass |
Password required to log into the user1 account. If neither user1pass nor user1passhash is set, the account will be locked. Password requirements are as follows. At least 8 characters. At least one lowercase letter. At least one uppercase letter. At least one digit. At least one special character from @$!%*?& |
<disabled>
|
Must match regex pattern: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$ | skip |
IGconf_device_user1passhash |
A pre-hashed password for the user1 account. Generate using the provided genpasswd utility, or supply a hash created with the same algorithm used by the chroot. If neither user1pass nor user1passhash is set, the account will be locked. |
<disabled>
|
Non-empty string value | skip |
IGconf_device_user1sudo |
Controls sudo access for the user1 account. 'none' disables sudo access entirely. 'passwd' requires a password for sudo. 'nopasswd' grants passwordless sudo. If user1pass or user1passhash is set, defaults to 'passwd'. Note: setting 'nopasswd' without a password is permitted but inadvisable. |
none
|
Must be one of: none, passwd, nopasswd | lazy |
IGconf_device_user1uid |
The UID assigned to the user1 account. If unset, one will be assigned automatically. |
<disabled>
|
Integer value in range 1000 to 65533 | skip |
IGconf_device_user1gid |
The GID assigned to the user1 account. If unset, one will be assigned automatically. |
<disabled>
|
Integer value in range 1000 to 65533 | skip |
IGconf_device_user1groups |
Comma-separated list of supplementary groups that the user1 account will be added to. Groups that do not exist on the system are created as system groups. Group names must follow Linux naming conventions: start with a letter or underscore, followed by letters, digits, underscores, or hyphens. |
adm,dialout,cdrom,audio,users,video,games,plugdev,input,spi,i2c,gpio,render
|
Must match regex pattern: ^[a-zA-Z_][a-zA-Z0-9_-]*(,[a-zA-Z_][a-zA-Z0-9_-]*)*$ | lazy |
File: base/device-user-credentials.yaml
Type: static