nixos: nixos/doc/manual/configuration/user-mgmt.xml to CommonMark

This commit is contained in:
Bobby Rong 2021-07-03 19:36:14 +08:00
parent 198ece4057
commit a55f0640b0
4 changed files with 200 additions and 89 deletions

View file

@ -15,7 +15,7 @@
</partintro>
<xi:include href="config-syntax.xml" />
<xi:include href="package-mgmt.xml" />
<xi:include href="user-mgmt.xml" />
<xi:include href="../from_md/configuration/user-mgmt.chapter.xml" />
<xi:include href="file-systems.xml" />
<xi:include href="x-windows.xml" />
<xi:include href="wayland.xml" />
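
Review bot: the new include target `../from_md/configuration/user-mgmt.chapter.xml` is a generated file committed next to its Markdown source, and nothing in the change says how the two are kept in sync. Please confirm the checked-in XML was produced from the final Markdown rather than edited by hand, and note the regeneration step in the commit message so later edits to the `.md` do not leave this include pointing at stale output.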

View file

@ -0,0 +1,92 @@
# User Management {#sec-user-management}
NixOS supports both declarative and imperative styles of user
management. In the declarative style, users are specified in
`configuration.nix`. For instance, the following states that a user
account named `alice` shall exist:
```nix
users.users.alice = {
isNormalUser = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" "networkmanager" ];
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
```
Note that `alice` is a member of the `wheel` and `networkmanager`
groups, which allows her to use `sudo` to execute commands as `root` and
to configure the network, respectively. Also note the SSH public key
that allows remote logins with the corresponding private key. Users
created in this way do not have a password by default, so they cannot
log in via mechanisms that require a password. However, you can use the
`passwd` program to set a password, which is retained across invocations
of `nixos-rebuild`.
If you set [`users.mutableUsers`](options.html#opt-users.mutableUsers) to
false, then the contents of `/etc/passwd` and `/etc/group` will be congruent
to your NixOS configuration. For instance, if you remove a user from
[`users.users`](options.html#opt-users.users) and run nixos-rebuild, the user
account will cease to exist. Also, imperative commands for managing users and
groups, such as useradd, are no longer available. Passwords may still be
assigned by setting the user\'s
[hashedPassword](#opt-users.users._name_.hashedPassword) option. A
hashed password can be generated using `mkpasswd -m
sha-512`.
A user ID (uid) is assigned automatically. You can also specify a uid
manually by adding
```nix
uid = 1000;
```
to the user specification.
Groups can be specified similarly. The following states that a group
named `students` shall exist:
```nix
users.groups.students.gid = 1000;
```
As with users, the group ID (gid) is optional and will be assigned
automatically if it's missing.
In the imperative style, users and groups are managed by commands such
as `useradd`, `groupmod` and so on. For instance, to create a user
account named `alice`:
```ShellSession
# useradd -m alice
```
To make all nix tools available to this new user use \`su - USER\` which
opens a login shell (==shell that loads the profile) for given user.
This will create the \~/.nix-defexpr symlink. So run:
```ShellSession
# su - alice -c "true"
```
The flag `-m` causes the creation of a home directory for the new user,
which is generally what you want. The user does not have an initial
password and therefore cannot log in. A password can be set using the
`passwd` utility:
```ShellSession
# passwd alice
Enter new UNIX password: ***
Retype new UNIX password: ***
```
A user can be deleted using `userdel`:
```ShellSession
# userdel -r alice
```
The flag `-r` deletes the user's home directory. Accounts can be
modified using `usermod`. Unix groups can be managed using `groupadd`,
`groupmod` and `groupdel`.
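
Review bot: the `openssh.authorizedKeys.keys` example in the `alice` block still uses an `ssh-dss` key, a type OpenSSH has disabled by default since 7.0, so a reader copying the pattern ends up with a key the server will refuse. Since this file is now the source of truth, consider switching the sample to `ssh-ed25519` here. Separately, in the `su` paragraph the escaped backticks around `su - USER` render as literal backticks instead of inline code, and `\~/.nix-defexpr` and `user\'s` carry escapes that are not needed; plain inline code spans would read better. The `hashedPassword` link also uses a bare `#opt-...` target while the two links just above it use `options.html#opt-...`; pick one form.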

View file

@ -1,88 +0,0 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-user-management">
<title>User Management</title>
<para>
NixOS supports both declarative and imperative styles of user management. In
the declarative style, users are specified in
<filename>configuration.nix</filename>. For instance, the following states
that a user account named <literal>alice</literal> shall exist:
<programlisting>
<xref linkend="opt-users.users"/>.alice = {
<link linkend="opt-users.users._name_.isNormalUser">isNormalUser</link> = true;
<link linkend="opt-users.users._name_.home">home</link> = "/home/alice";
<link linkend="opt-users.users._name_.description">description</link> = "Alice Foobar";
<link linkend="opt-users.users._name_.extraGroups">extraGroups</link> = [ "wheel" "networkmanager" ];
<link linkend="opt-users.users._name_.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
</programlisting>
Note that <literal>alice</literal> is a member of the
<literal>wheel</literal> and <literal>networkmanager</literal> groups, which
allows her to use <command>sudo</command> to execute commands as
<literal>root</literal> and to configure the network, respectively. Also note
the SSH public key that allows remote logins with the corresponding private
key. Users created in this way do not have a password by default, so they
cannot log in via mechanisms that require a password. However, you can use
the <command>passwd</command> program to set a password, which is retained
across invocations of <command>nixos-rebuild</command>.
</para>
<para>
If you set <xref linkend="opt-users.mutableUsers"/> to false, then the
contents of <literal>/etc/passwd</literal> and <literal>/etc/group</literal>
will be congruent to your NixOS configuration. For instance, if you remove a
user from <xref linkend="opt-users.users"/> and run nixos-rebuild, the user
account will cease to exist. Also, imperative commands for managing users and
groups, such as useradd, are no longer available. Passwords may still be
assigned by setting the user's
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using <command>mkpasswd -m
sha-512</command>.
</para>
<para>
A user ID (uid) is assigned automatically. You can also specify a uid
manually by adding
<programlisting>
uid = 1000;
</programlisting>
to the user specification.
</para>
<para>
Groups can be specified similarly. The following states that a group named
<literal>students</literal> shall exist:
<programlisting>
<xref linkend="opt-users.groups"/>.students.gid = 1000;
</programlisting>
As with users, the group ID (gid) is optional and will be assigned
automatically if its missing.
</para>
<para>
In the imperative style, users and groups are managed by commands such as
<command>useradd</command>, <command>groupmod</command> and so on. For
instance, to create a user account named <literal>alice</literal>:
<screen>
<prompt># </prompt>useradd -m <replaceable>alice</replaceable></screen>
To make all nix tools available to this new user use `su - USER` which opens
a login shell (==shell that loads the profile) for given user. This will
create the ~/.nix-defexpr symlink. So run:
<screen>
<prompt># </prompt>su - <replaceable>alice</replaceable> -c "true"</screen>
The flag <option>-m</option> causes the creation of a home directory for the
new user, which is generally what you want. The user does not have an initial
password and therefore cannot log in. A password can be set using the
<command>passwd</command> utility:
<screen>
<prompt># </prompt>passwd <replaceable>alice</replaceable>
Enter new UNIX password: ***
Retype new UNIX password: ***
</screen>
A user can be deleted using <command>userdel</command>:
<screen>
<prompt># </prompt>userdel -r <replaceable>alice</replaceable></screen>
The flag <option>-r</option> deletes the users home directory. Accounts
can be modified using <command>usermod</command>. Unix groups can be managed
using <command>groupadd</command>, <command>groupmod</command> and
<command>groupdel</command>.
</para>
</chapter>
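
Review bot: deleting this file drops markup that the Markdown replacement does not carry over, namely the per-option links inside the `alice` example (`<link linkend="opt-users.users._name_.isNormalUser">` and its siblings) and the `<replaceable>alice</replaceable>` markers in the `useradd`, `su`, `passwd` and `userdel` screens. If that loss is an accepted cost of the conversion, say so in the commit message; otherwise link the option names from the prose that follows the example so readers can still reach the option reference.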

View file

@ -0,0 +1,107 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-user-management">
<title>User Management</title>
<para>
NixOS supports both declarative and imperative styles of user
management. In the declarative style, users are specified in
<literal>configuration.nix</literal>. For instance, the following
states that a user account named <literal>alice</literal> shall
exist:
</para>
<programlisting language="bash">
users.users.alice = {
isNormalUser = true;
home = &quot;/home/alice&quot;;
description = &quot;Alice Foobar&quot;;
extraGroups = [ &quot;wheel&quot; &quot;networkmanager&quot; ];
openssh.authorizedKeys.keys = [ &quot;ssh-dss AAAAB3Nza... alice@foobar&quot; ];
};
</programlisting>
<para>
Note that <literal>alice</literal> is a member of the
<literal>wheel</literal> and <literal>networkmanager</literal>
groups, which allows her to use <literal>sudo</literal> to execute
commands as <literal>root</literal> and to configure the network,
respectively. Also note the SSH public key that allows remote logins
with the corresponding private key. Users created in this way do not
have a password by default, so they cannot log in via mechanisms
that require a password. However, you can use the
<literal>passwd</literal> program to set a password, which is
retained across invocations of <literal>nixos-rebuild</literal>.
</para>
<para>
If you set
<link xlink:href="options.html#opt-users.mutableUsers"><literal>users.mutableUsers</literal></link>
to false, then the contents of <literal>/etc/passwd</literal> and
<literal>/etc/group</literal> will be congruent to your NixOS
configuration. For instance, if you remove a user from
<link xlink:href="options.html#opt-users.users"><literal>users.users</literal></link>
and run nixos-rebuild, the user account will cease to exist. Also,
imperative commands for managing users and groups, such as useradd,
are no longer available. Passwords may still be assigned by setting
the user's
<link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>
option. A hashed password can be generated using
<literal>mkpasswd -m sha-512</literal>.
</para>
<para>
A user ID (uid) is assigned automatically. You can also specify a
uid manually by adding
</para>
<programlisting language="bash">
uid = 1000;
</programlisting>
<para>
to the user specification.
</para>
<para>
Groups can be specified similarly. The following states that a group
named <literal>students</literal> shall exist:
</para>
<programlisting language="bash">
users.groups.students.gid = 1000;
</programlisting>
<para>
As with users, the group ID (gid) is optional and will be assigned
automatically if its missing.
</para>
<para>
In the imperative style, users and groups are managed by commands
such as <literal>useradd</literal>, <literal>groupmod</literal> and
so on. For instance, to create a user account named
<literal>alice</literal>:
</para>
<programlisting>
# useradd -m alice
</programlisting>
<para>
To make all nix tools available to this new user use `su - USER`
which opens a login shell (==shell that loads the profile) for given
user. This will create the ~/.nix-defexpr symlink. So run:
</para>
<programlisting>
# su - alice -c &quot;true&quot;
</programlisting>
<para>
The flag <literal>-m</literal> causes the creation of a home
directory for the new user, which is generally what you want. The
user does not have an initial password and therefore cannot log in.
A password can be set using the <literal>passwd</literal> utility:
</para>
<programlisting>
# passwd alice
Enter new UNIX password: ***
Retype new UNIX password: ***
</programlisting>
<para>
A user can be deleted using <literal>userdel</literal>:
</para>
<programlisting>
# userdel -r alice
</programlisting>
<para>
The flag <literal>-r</literal> deletes the users home directory.
Accounts can be modified using <literal>usermod</literal>. Unix
groups can be managed using <literal>groupadd</literal>,
<literal>groupmod</literal> and <literal>groupdel</literal>.
</para>
</chapter>
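
Review bot: the Nix snippets are emitted as `<programlisting language="bash">` although the Markdown fences in this commit are tagged `nix`, so the generated output mislabels the `users.users.alice`, `uid` and `users.groups.students.gid` blocks. Check whether the converter maps `nix` to `bash` on purpose and, if so, document it. Also confirm this file was regenerated from the final Markdown: it reads `automatically if its missing` and `deletes the users home directory` where the Markdown source has `it's` and `user's`.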