# User Management

## Overview

User Manager service exposes D-Bus methods for user management operations.

### User Manager Interface

User manager interface `xyz.openbmc_project.User.Manager` provides following
methods, properties and signals.

#### xyz.openbmc_project.User.Manager interface

##### methods

- CreateUser - To create new user to the system.
- RenameUser - To rename existing user to new name in the system.

##### properties

- AllGroups - To list all the groups supported in the system.
- AllPrivileges - To list all the privileges supported in the system.

##### signals

- UserRenamed - Signal sent out when user is renamed in the system.

#### xyz.openbmc_project.User.AccountPolicy interface

##### properties

- MaxLoginAttemptBeforeLockout - Permissible attempt before locking out the
  user for failed login attempts.
- AccountUnlockTimeout - Timeout (in seconds) to unlock the account after a
  lockout.
- MinPasswordLength - Minimum password length, which can be set.
- RememberOldPasswordTimes – Number of times old password shouldn’t be allowed
  when updating password for the user.

### Users Interface

User manager daemon, will create user objects for every user existing
in the system under object path `/xyz/openbmc_project/user/<user name>`.
Each user object can be handled through 'org.freedesktop.DBus.ObjectManager'.
User object will expose following properties and methods.

#### xyz.openbmc_project.User.Attributes interface

##### properties

- UserPrivilege - Privilege of the user.
- UserGroups - Groups to which the user belongs.
- UserEnabled - User enabled state.
- UserLockedForFailedAttempt - Locked or unlocked state of the user account.

#### xyz.openbmc_project.Object.Delete

#### methods

- Delete - To delete the user object in the system.

## Note

This interface doesn't provide ways to set / update password. The same must
be set / updated through pam_chauthtok() (PAM modules). This is to avoid
sending out password through D-Bus.