Your submission was sent successfully! Close

You have successfully unsubscribed! Close


The system-user assertion is a permit by the brand for local system users to be created on its specified devices. The most common use case is for creating system users in the factory line or on first boot, by using a USB dongle which would contain this assertion.

The format is as follows:

type:              system-user
authority-id:      <authority account-id>
revision:          <int>
brand-id:          <account-id>
email:             <user e-mail>
series:            <list of series which should accept this assertion>
models:            <models which should accept this assertion>
serials:           <optional list of one or more device serial numbers>
name:              <optional person’s name>
username:          <system user name>
password:          <encoded password>
ssh-keys:          <list>
since:             <UTC datetime>
until:             <UTC datetime>
sign-key-sha3-384: <key id> # Encoded key id of signing key

<signature>                 # Encoded signature

The index is the tuple <brand-id, email>. series is as specified by the model assertion. These assertions must be signed by the brand.

The serials field limits the scope of the system-user assertion to devices with matching serials. This field can only be used with a revision of 1 or greater, and also limits the models field to accepting just a single model assertion.

The password header must be encoded and salted, following the format specified by crypt(3). The until header is in this case required.

The simple addition of such assertions to a device assertion database should not be enough to trigger the user creation. This must be initiated explicitly (via snap create-user, or in the context of the auto-import mechanism for assertions from removable devices, which requires physical access to the device).

This would be an example of this assertion:

type: system-user
authority-id: 324hfanjkfqASdFQWfnawefhu8Jauhdj
brand-id: 324hfanjkfqASdFQWfnawefhu8Jauhdj
email: test@localhost
  - pc
name: Default Test User
password: $6$OCvKy4w/Ppxp7IvC$WPzWiIW.4y18h9htjbOuxLZ.sjQ5M2hoSiEu3FpMU0PMdHQuQdBOqvk8p6DMdS/R/nU/rXidClD23CbSkSgp30
  - 16
since: 2016-10-24T07:12:10+00:00
until: 2017-10-24T07:12:10+00:00
username: test
sign-key-sha3-384: kKd-kgxTJSR-wm5OT5M-gVxo4zv0Y19AAloJE4dq7C0QlbPsdbof0G5g0lCpg0J_


Last updated 10 months ago. Help improve this document in the forum.