Support templated user properties (including extension properties)
It would be useful if accountsservice supported a template to populate the properties of a user when a new one is created (using the accountsservice D-Bus interface; this wouldn’t work if useradd
was run directly by an admin).
For example, in Endless OS we have a vendor extension which adds parental controls to user accounts, storing (roughly) a whitelist of apps which that user is allowed to run. We would like to be able to provide a default value for that whitelist which differs based on the account type — empty for administrator accounts, and some deployment-specific whitelist for standard accounts. We can’t change the default value in the vendor extension D-Bus introspection XML file, because that’s stored in the OSTree image and hence can’t vary between deployments (for $ostree_reasons).
Strawman proposal:
- Add a new template file hierarchy,
{/etc,/run,/usr/local/share,/usr/share}/AccountsService/user-templates/{standard,administrator}
, where thestandard
oradministrator
files are key files containing default values. - The groups and keys are the same as used in the existing
/var/lib/AccountsService/users/${username}
files, and are used to pre-populate those exactly. - A
standard
template in/etc/AccountsService/user-templates
overrides one in/usr/share/AccountsService/user-templates
, etc., following the standard fromman systemd.unit
. - If the
AccountType
enum grows any more values in future, they would get their own template files.
How does that sound? I’m open to other suggestions to achieve the same goal.