yaml/xyz/openbmc_project/User/README.md

User Management

Overview

The User Manager service exposes D-Bus methods for user management operations.

User Manager Interface

The User Manager interface xyz.openbmc_project.User.Manager provides the following methods, properties and signals.

xyz.openbmc_project.User.Manager interface

methods
  • CreateUser - To create a new user in the system.
  • RenameUser - To rename an existing user to a new name in the system.
properties
  • AllGroups - To list all the groups supported in the system.
  • AllPrivileges - To list all the privileges supported in the system.
signals
  • UserRenamed - Signal sent out when a user is renamed in the system.

xyz.openbmc_project.User.AccountPolicy interface

properties
  • MaxLoginAttemptBeforeLockout - Number of failed login attempts permitted before the user is locked out.
  • AccountUnlockTimeout - Timeout (in seconds) to unlock the account after a lockout.
  • MinPasswordLength - Minimum password length that can be set.
  • RememberOldPasswordTimes - Number of old passwords that are not allowed to be reused when updating the user's password.

Users Interface

The User Manager daemon creates a user object for every user existing in the system, under the object path /xyz/openbmc_project/user/<user name>. Each user object can be handled through 'org.freedesktop.DBus.ObjectManager'. A user object exposes the following properties and methods.

xyz.openbmc_project.User.Attributes interface

properties
  • UserPrivilege - Privilege of the user.
  • UserGroups - Groups to which the user belongs.
  • UserEnabled - User enabled state.
  • UserLockedForFailedAttempt - Locked or unlocked state of the user account.

xyz.openbmc_project.Object.Delete

methods
  • Delete - To delete the user object in the system.

Note

This interface does not provide a way to set or update a password. Passwords must be set or updated through pam_chauthtok() (PAM modules), which avoids sending the password over D-Bus.
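
The properties listed above lend themselves to a configuration audit. The following is an added example, not code from the OpenBMC project: it reviews a dictionary shaped like an ObjectManager GetManagedObjects reply (object path, then interface, then properties). The snapshot, the baseline thresholds, the policy object's path and the privilege and group strings are constructed for illustration.

```python
ATTR = "xyz.openbmc_project.User.Attributes"
POLICY = "xyz.openbmc_project.User.AccountPolicy"
USER_ROOT = "/xyz/openbmc_project/user/"

# Baseline minimums chosen for this example only; tune them to your own policy.
# Assumption: a lockout threshold or unlock timeout of 0 means no effective lockout.
BASELINE = {"MinPasswordLength": 8, "RememberOldPasswordTimes": 1,
            "MaxLoginAttemptBeforeLockout": 1, "AccountUnlockTimeout": 1}

def audit(managed_objects, admin_priv="priv-admin"):
    """Return sorted (subject, finding) tuples for a GetManagedObjects-style dict."""
    findings = []
    for path, ifaces in managed_objects.items():
        policy = ifaces.get(POLICY)
        if policy is not None:
            for prop, minimum in BASELINE.items():
                value = policy.get(prop)
                if value is None:
                    findings.append((path, f"{prop} missing from snapshot"))
                elif value < minimum:
                    findings.append((path, f"{prop}={value} below baseline {minimum}"))
        attrs = ifaces.get(ATTR)
        if attrs is not None and path.startswith(USER_ROOT):
            user = path[len(USER_ROOT):]
            enabled = bool(attrs.get("UserEnabled"))
            if attrs.get("UserLockedForFailedAttempt"):
                findings.append((user, "locked after failed logins"))
            if enabled and attrs.get("UserPrivilege") == admin_priv:
                findings.append((user, f"enabled account with {admin_priv}"))
            if not enabled and attrs.get("UserGroups"):
                findings.append((user, "disabled account still in groups"))
    return sorted(findings)

# Constructed snapshot; user names, privilege and group strings are sample values.
SNAPSHOT = {
    "/xyz/openbmc_project/user": {POLICY: {
        "MaxLoginAttemptBeforeLockout": 0, "AccountUnlockTimeout": 300,
        "MinPasswordLength": 6, "RememberOldPasswordTimes": 0}},
    "/xyz/openbmc_project/user/root": {ATTR: {
        "UserPrivilege": "priv-admin", "UserGroups": ["ssh", "redfish"],
        "UserEnabled": True, "UserLockedForFailedAttempt": False}},
    "/xyz/openbmc_project/user/svc_old": {ATTR: {
        "UserPrivilege": "priv-user", "UserGroups": ["redfish"],
        "UserEnabled": False, "UserLockedForFailedAttempt": True}},
}

if __name__ == "__main__":
    for subject, finding in audit(SNAPSHOT):
        print(f"{subject}: {finding}")
```

Because passwords never cross this interface, the audit covers only policy and account state; password strength itself has to be enforced on the PAM side.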