How to create a user (normal and root) using kickstart configuration file in RHEL 7 / CentOS 7

I have already written an article explaining the various syntax used in the kickstart file of Red Hat Enterprise Linux 7 with examples and sample kickstart configuration file.

Creating root user

In kickstart configuration file by default root user will be created as soon as we assign password so we need not add additional function to create "root" user

Parameter to be used
rootpw (required)
Sets the system's root password to the password argument.
rootpw [--iscrypted|--plaintext] [--lock] password
If you already have encrypted password handy then you can use below syntax
rootpw --iscrypted $6$uiq8l/7xEWsYXhrvaEgan4N21yhLa8K.U7UA12Th3PD11GOXvEcI40gp1
Here as you see I have provided the encrypted password so this will create the "root" user and assign this password to the user
--iscrypted - If this option is present, the password argument is assumed to already be encrypted.

To encrypt the password

# python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
Password:
Confirm:
$6$NQxcaeY.Pvm1FWBl$LriLt5PFtqUUs0sJgUhpAwOc4n9dwJ0sx1qPDVXHZzXq0GnA8ZpuLkJG9QoGb5JwUv2/3JZLJBjDTUJXIP3bS.This generates a sha512 crypt-compatible hash of your password using a random salt.

Creating normal user

In kickstart configuration file to create a user use the below syntax

Syntax
user --name=username [options]

Below are some of the options which can be used with above syntax

--name= - Provides the name of the user. This option is required.

--gecos= - Provides the GECOS information for the user. This is a string of various system-specific fields separated by a comma. It is frequently used to specify the user's full name, office number, and so on. See the passwd(5) man page for more details.

--groups= - In addition to the default group, a comma separated list of group names the user should belong to. The groups must exist before the user account is created. See the group command.

--homedir= - The home directory for the user. If not provided, this defaults to /home/username.

--lock - If this option is present, this account is locked by default. This means that the user will not be able to log in from the console. This option will also disable the Create User screens in both the graphical and text-based manual installation.

--password= - The new user's password. If not provided, the account will be locked by default.

--iscrypted - If this option is present, the password argument is assumed to already be encrypted. This option is mutually exclusive with --plaintext.

--shell= - The user's login shell. If not provided, the system default is used.

--uid= - The user's UID (User ID). If not provided, this defaults to the next available non-system UID.

--gid= - The GID (Group ID) to be used for the user's group. If not provided, this defaults to the next available non-system group ID.

To create an encrypted password, you can use python:

# python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
Password:
Confirm:
$6$NQxcaeY.Pvm1FWBl$LriLt5PFtqUUs0sJgUhpAwOc4n9dwJ0sx1qPDVXHZzXq0GnA8ZpuLkJG9QoGb5JwUv2/3JZLJBjDTUJXIP3bS.This generates a sha512 crypt-compatible hash of your password using a random salt.

Example
user --name=deepak --groups=wheel --plaintext --password=abcd@123
Above uses a plaintext password, if you have encrypted password handy use the below syntax

user --name=deepak --groups=wheel --iscrypted --password=$6$NQxcaeY.Pvm1FWBl$LriLt5PFtqUUs0sJgUhpAwOc4n9dwJ0sx1qPDVXHZzXq0GnA8ZpuLkJG9QoGb5JwUv2/3JZLJBjDTUJXIP3bS.
You can also use the below command to generate an encrypted password which can be used above (Replace my_password highlighted in yellow with your password)

python -c "import crypt,random,string; print crypt.crypt("my_password", '$6$' + ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]))"

I hope the article was useful.

2 thoughts on “How to create a user (normal and root) using kickstart configuration file in RHEL 7 / CentOS 7”

  1. you can also use the "mkpasswd" utility to make a passwd hash:

    $ mkpasswd
    Password:
    $y$j9T$pTmrKApWuzGJ9OpWIFdZY.$pvNNCjS7DxUAC6mSw6vc3oPHIMvMT4erfK5WB74P1i8

    Reply

Leave a Comment