Create users and groups

Digi recommends you create regular users to help protect the security of your system.

Manage accounts in a running system
Create users and groups at build time

The existing users and groups are:

Group name	Description
digiapix	Digi APIX group to grant access to the interfaces managed by the APIs
ftp	Group to access to files served by FTP servers
ggc_group	AWS Greengrass group (only applicable if Greengrass Core is installed in the root filesystem)
messagebus	System group to handle the system message bus activity
netdev	Group to manage network interfaces including Bluetooth
root	System administrator group

Username	Description
ftp	User access to files served by FTP servers
ggc_user	AWS Greengrass user (only applicable if Greengrass Core is installed in the root filesystem)
messagebus	System user to handle the system message bus activity
root	System administrator user

The root user has permission to do nearly anything to files, regardless of their ownership and permission settings.

Manage accounts in a running system

Create a new user

Open your device shell and log in as root.

Create a new user with default options and his own group with useradd.

#> useradd <user_name>

For example, to add user called digi, execute:

#> useradd digi
#>

Add a password to the new user with passwd.

#> passwd <user_name>

For example, to set digipassword as password for digi account, issue passwd and type the password when prompted:

#> passwd digi
Changing password for digi
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password: 
Re-enter new password: 
passwd: password changed.
#>

Once the new password is set, log out or reboot to log in as the new user.

For example, to log in as digi after a reboot:

Digi Embedded Yocto 2.4-r1 ccimx6ulsbc /dev/ttymxc4
 
ccimx6ulsbc login: digi
Password: 
 
 
BusyBox v1.24.1 (2017-12-13 05:30:45 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
 
~>

Create a new group

Use the groupadd command to create a new group

#> groupadd <group_name>

Add a user to a group

Issue usermod command to modify an existing user account and add it to an existing group.

#> usermod -a -G <group_name> <user_name>

Where <user_name> is the user login name to add to the group specified in <group_name>.

Use groups to print group memberships for a specific user name.

#> groups <user_name>

For example, to add user digi to the digiapix group:

#> usermod -a -G digiapix digi
#> groups digi
digiapix digi
#>

Remove existing users and groups

You can remove an existing user with userdel.

#> userdel -r <user_name>

For example, to remove digi user:

#> userdel -r digi
#>

Use groupdel to remove existing groups.

#> groupdel <group_name>

Create users and groups at build time

The standard way for a recipe to add or modify system users or groups is with the useradd class:

inherit useradd

This class uses the following variables:

USERADD_PACKAGES specifies the output packages which include custom users/groups. For the main package, use the following:
```
USERADD_PACKAGES = "${PN}"
```
USERADD_PARAM specifies the command line arguments for the Linux useradd command, to add new users to the system. You can create multiple users by separating the commands with a semicolon.
GROUPADD_PARAM defines the command line arguments for the Linux groupadd command, to add new groups to the system. You can create multiple groups by separating the commands with a semicolon.
GROUPMEMS_PARAM contains the arguments for the Linux groupmems command, which administers members of the user's primary group.

The recipe useradd-example.bb is an example of using features from useradd class.

Example snippet of a recipe using the useradd class

inherit useradd
 
PASSWORD ?= "miDBHDo2hJSAA"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--system --create-home \
                       --groups tty,digiapix \
                       --password ${PASSWORD} \
                       --user-group ${PN}"