openbmc_project/User/README.md

# User Management

## Overview

User Manager service exposes D-Bus methods for user management operations.

### User Manager Interface

User manager interface `xyz.openbmc_project.User.Manager` provides following
methods, properties and signals.

#### xyz.openbmc_project.User.Manager interface

##### methods

- CreateUser - To create new user to the system.
- RenameUser - To rename existing user to new name in the system.

##### properties

- AllGroups - To list all the groups supported in the system.
- AllPrivileges - To list all the privileges supported in the system.

##### signals

- UserRenamed - Signal sent out when user is renamed in the system.

#### xyz.openbmc_project.User.AccountPolicy interface

##### properties

- MaxLoginAttemptBeforeLockout - Permissible attempt before locking out the user
  for failed login attempts.
- AccountUnlockTimeout - Timeout (in seconds) to unlock the account after a
  lockout.
- MinPasswordLength - Minimum password length, which can be set.
- RememberOldPasswordTimes – Number of times old password shouldn’t be allowed
  when updating password for the user.

### Users Interface

User manager daemon, will create user objects for every user existing in the
system under object path `/xyz/openbmc_project/user/<user name>`. Each user
object can be handled through 'org.freedesktop.DBus.ObjectManager'. User object
will expose following properties and methods.

#### xyz.openbmc_project.User.Attributes interface

##### properties

- UserPrivilege - Privilege of the user.
- UserGroups - Groups to which the user belongs.
- UserEnabled - User enabled state.
- UserLockedForFailedAttempt - Locked or unlocked state of the user account.

#### xyz.openbmc_project.Object.Delete

#### methods

- Delete - To delete the user object in the system.

## Note

This interface doesn't provide ways to set / update password. The same must be
set / updated through pam_chauthtok() (PAM modules). This is to avoid sending
out password through D-Bus.