Creating an OS Login profile
By default, enabling OS Login access creates OS Login profiles for all users in your organization. You can also create additional profiles or edit existing ones. You can use OS Login profiles as user profiles when working within VMs or Kubernetes cluster nodes.
Note
To view the list of OS Login profiles, a user must have the organization-manager.osLogins.viewer role or higher for the organization.
To create an additional OS Login profile for a user, follow these steps:
- Log in to Yandex Cloud Organization using an administrator or organization owner account. Switch to an organization or federation of your choice as needed.
- In the left-hand panel, select Users.
- From the list, select the user you want to create an OS Login profile for. You may want to use the filter or search for that.
- On the user page, go to the OS Login profiles tab and click Create profile. In the window that opens:
  - Enter the OS username the user will get when connected to the VM. It must be unique within the folder.
    Note
    The username may contain Latin letters, numbers, hyphens, and underscores but must begin with a letter, number, or underscore. It must be from 1 to 32 characters long.
  - In the ID (uid) field, enter a unique numeric user ID (UID) within the range from 1000 to 65534. It must be unique within the system.
  - (Optional) In the Home directory field, enter the path to the user's home folder.
  - (Optional) In the Default shell field, specify the path to the command shell executable file.
  - Click Create.
- If you do not have the Yandex Cloud command line interface yet, install and initialize it.
  The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.
- View the description of the CLI command for creating an OS Login profile:
    yc organization-manager oslogin profile create --help
- Get the ID of the required organization:
    yc organization-manager organization list
  Result:
    +----------------------+-------------------------+-----------------------+--------+
    |          ID          |          NAME           |         TITLE         | LABELS |
    +----------------------+-------------------------+-----------------------+--------+
    | bpf1smsil5q0******** | sample-organization-1   | My organization       |        |
    | bpf2c65rqcl8******** | sample-organization-new | New organization      |        |
    +----------------------+-------------------------+-----------------------+--------+
- Get the required user ID by specifying the ID of the organization it belongs to:
    yc organization-manager user list \
      --organization-id <organization_ID>
  Result:
    +----------------------+----------+-------------------+---------------+-----------------------+
    |          ID          | USERNAME |       EMAIL       | FEDERATION ID | LAST AUTHENTICATED AT |
    +----------------------+----------+-------------------+---------------+-----------------------+
    | rser11gh89el******** | user01   | user01@example.ru |               |                       |
    | mber02hy54km******** | user02   | user02@example.ru |               |                       |
    +----------------------+----------+-------------------+---------------+-----------------------+
  To create an OS Login profile for a service account, get the service account ID.
- Create an OS Login profile for the selected user or service account:
    yc organization-manager oslogin profile create \
      --organization-id <organization_ID> \
      --subject-id <user_or_service_account_ID> \
      --login <login> \
      --uid <numeric_ID> \
      --home-directory <path_to_home_folder> \
      --shell <path_to_command_shell_executable_file>
  Where:
  - --organization-id: Organization ID you got earlier.
  - --subject-id: User or service account ID you got earlier.
  - --login: OS username the user will get when connected to the VM. It must be unique within the folder.
    Note
    The username may contain Latin letters, numbers, hyphens, and underscores but must begin with a letter, number, or underscore. It must be from 1 to 32 characters long.
  - --uid: Unique numeric user ID (UID) within the range of 1000 to 65534. It must be unique within the system.
  - (Optional) --home-directory: Path to the user's home folder. The default value is /home/<username>.
  - (Optional) --shell: Path to the command shell executable file. The default value is /bin/bash.
  Result:
    id: aje6ddct3de5********
    organization_id: bpf1smsil5q0********
    subject_id: rser11gh89el********
    login: new-os-login
    uid: "100500"
    home_directory: home/username
    shell: bin/bash
- Use the createProfile REST API method for the OsLogin resource or the OsLoginService/CreateProfile gRPC API call.
Note
If you set the UID manually, use values in the range from 1000 to 65534. Using this range will prevent collisions between the OS Login profile UID and those of OS system profiles.
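The username and UID rules above can be checked before the values reach --login and --uid. The script below is an added example, not part of the Yandex Cloud documentation or tooling. The function names and the EXISTING listing are assumptions: the listing is constructed sample data standing in for whatever inventory of existing profiles you keep.

```shell
#!/bin/sh
# Pre-flight check for the values passed to --login and --uid.
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges ASCII-only

# Constructed sample data, one "login uid" pair per line, standing in for
# the profiles that already exist. It is not the output of a yc command.
EXISTING='user01 1000
user02 1001
svc-backup 1003'

# Login rule: letters, digits, hyphens, underscores; no leading hyphen; 1-32 chars.
valid_login() {
    case $1 in ''|-*|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# UID rule: decimal integer in 1000..65534 (no leading zero, no sign).
valid_uid() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1000 ] && [ "$1" -le 65534 ]
}

# Succeeds when value $2 already appears in column $1 of EXISTING.
taken() {
    printf '%s\n' "$EXISTING" |
        awk -v c="$1" -v v="$2" '($c "") == (v "") { f = 1 } END { exit !f }'
}

# Prints the lowest unused UID in the allowed range; fails if none is left.
next_free_uid() {
    printf '%s\n' "$EXISTING" | awk '
        { used[$2] = 1 }
        END { for (u = 1000; u <= 65534; u++)
                  if (!(u in used)) { print u; exit 0 }
              exit 1 }'
}

# Prints "ok" or the reason the pair would be rejected.
check_profile() {
    if ! valid_login "$1"; then echo "bad login"; return 1; fi
    if ! valid_uid "$2"; then echo "bad uid"; return 1; fi
    if taken 1 "$1"; then echo "login in use"; return 1; fi
    if taken 2 "$2"; then echo "uid in use"; return 1; fi
    echo "ok"
}

check_profile new-os-login "$(next_free_uid)"   # prints: ok
```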