User Accounts

• The passwd And shadow Files
• Administrator Account
• Default Password
• Automatically Update Passwords

---

The passwd And shadow Files

The standard passwd Unix file provides the available user accounts. This file is read-only and therefore no user accounts can be added/removed to/from a running system. You can statically configure available user accounts by editing this file before building your OS.

The shadow file however is a symlink to /data/etc/shadow and is normally writable on a running system, allowing passwords to be changed.

Administrator Account

By default, the admin username is an alias to root. It is this way because people are used to having an admin account on their devices and it's usually a superuser. Logging in to your thingOS machine with admin will be the same as logging in with root.

Default Password

Passwords are stored on the data partition. The data partition is created at first boot and an empty root/admin password is automatically set by the S00datapart init script.

Automatically Update Passwords

While passwords can be changed using the well-known passwd command, thingOS is often used to host a service that may have a user-friendly frontend (e.g. an administrative web interface), where people can change their admin passwords.

The service-specific password can be synchronized with the Unix account password, so that all other services running on the machine (such as SSH or an FTP server) will accept the same credentials. This is done by the adminpasswd helper script.

Executing adminpasswd with the PASSWORD environment variable set to the new password will update the Unix root/admin password accordingly.

Moreover, if you want to update other accounts' passwords as well (such as Samba, by calling smbpasswd), you can create an executable script in /etc/adminpasswd.d. All executable scripts in this directory will be executed with the PASSWORD environment set, whenever the adminpasswd helper is run.