Configuring Users (passwd)

The passwd node allows you to create, modify, and configure FCOS users.

FCOS has a default privileged user named core. You can use this user for system administration tasks. Use the passwd node to modify this user’s attributes, as shown below.


The top-level nodes for passwd include users and groups. These are both lists of objects.

  • users (list of objects): the lists of accounts to create on FCOS.

    • name (string, required, must be unique): the username

    • password_hash (string): the hashed password for the account.

    • ssh_authorized_keys (list of strings, each must be unique): a list of SSH keys to be added as an SSH key fragment in the user’s home directory (.ssh/authorized_keys.d/ignition).

    • uid (integer): the user ID of the account

    • gecos (string): the GECOS field of the account

    • home_dir (string): the home directory of the account

    • no_create_home (boolean): when set to true, no home directory is created for the user. This does not have any effect on any existing home directory.

    • primary_group (string): the name of the primary group of the account

    • groups (list of strings): the list of supplementary groups of the account

    • no_user_group (boolean): when true, does not create a user group for the account. This has no effect on any existing groups.

    • no_log_init (boolean): when set to true, does not add the user to the lastlog and faillog databases. This has no effect on any existing accounts.

    • shell (string): the login shell of the new account

    • system (boolean): when set to true, creates the account as a system account. Has no effect on an existing account.

  • groups (list of objects): a list of groups to be added

    • name (string, required, must be unique): the name of the group

    • gid (integer): the group ID of the group

    • password_hash (string): the hashed password for the group

    • system (boolean): when set to true, the group is created as a system group. Has no effect on existing groups.


Producing an Ignition File is a tutorial for how to provide an SSH key for login of the existing core user.

You can also add a password hash to this user, specify the user’s groups, and add more users as shown below:

Example for modifying and adding users:
    - name: core
        - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGdByTgSVHq......."
    - name: elroy
      password_hash: "$6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5yYv6mTlWfOoCYHZmfi3LDKVltj.E8XNKEcwWm..."
        - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGdByTgSVHq......."
      groups: [ sudo, docker ]

As you can see from this snippet, the core user is modified with a private SSH key, and a new user named elroy is added. The elroy user can log in with a private SSH key or with a password and is added to the sudo and docker groups.