Hey, we use custom ubuntu-core images, and there are 3 ways of adding users to the system:
1. adding an SSO user via console-conf (we already disabled that one, not possible in our systems)
2. adding an SSO user over snapd, in our case through a landscape script
3. adding a user with a user assertion which is signed in SerialVault
We would like to know if there is a way to prevent adding users to the system at all, our main concern is to disable access to production devices.
There is a system option to disable ssh which might be useful to block access to production devices, but it would be cool if we can prevent user addition at all.
With core24 console-conf is completely gone from the image so the first point doesn’t apply anymore (unless you explicitly seed the console-conf snap)
The SerialVault way requires that you sign the assertion with the brand account (unless you turn this off in your model, which you indeed shouldn’t) and indeed you need access to the vault in the first place…
So the only partially risky bit here is the landscape script, I’m not sure if you can limit access to certain scripts in landscape, that might be a thing to think about…
In general you can indeed file a wishlist bug to get such a toggle added, but not sure what priority this would get in the snapd team, so it could take a while…
Hey @ogra, do you think it would be possible to set some system settings
system service.ssh.disable=true
in the configure hook of the gadget snap with snapctl?
Any example would be cool.
I am asking because we would like to enable/disable SSH based on the device model, in which we process it over configure hook of gadget snap.
Currently, it could be set over defaults, which means we will end up having two different builds and stores for dev and prod.
I suspect this would need adding the snapd-control interface to the gadget for the hook, then it might work (though not sure snapctl would work here, you might need to use a Python call to the snapd API).
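A sketch of the Python call to the snapd API suggested in the last reply, added here as an example and not code from the thread or from snapd: it reads the model assertion and sets `service.ssh.disable` to match. It assumes the gadget's `snapd-control` plug is connected and Python 3 is available to the hook; the model names and the sample assertion are constructed, and the thread does not confirm that this works from inside a configure hook.

```python
import http.client
import json
import socket

SNAPD_SOCKET = "/run/snapd.socket"      # snapd REST API socket (needs snapd-control)
PROD_MODELS = {"example-prod-model"}    # hypothetical production model names
# Constructed model assertion, cut down to a few headers, for offline testing.
SAMPLE_ASSERTION = "type: model\nbrand-id: example-brand\nmodel: example-prod-model\n\n(signature)\n"

class SnapdConnection(http.client.HTTPConnection):
    """HTTP over snapd's Unix socket instead of TCP."""
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(SNAPD_SOCKET)

def model_name(assertion):
    """Return the 'model' header from the header block of a model assertion."""
    for line in assertion.split("\n\n", 1)[0].splitlines():
        key, sep, value = line.partition(": ")
        if sep and key == "model":
            return value.strip()
    raise ValueError("no model header found")

def ssh_options(model):
    """System options to apply: SSH is disabled only on production models."""
    return {"service.ssh.disable": model in PROD_MODELS}

def snapd(method, path, body=None):
    """Send one request to snapd and return the response text."""
    data = json.dumps(body) if body is not None else None
    conn = SnapdConnection("localhost")
    try:
        conn.request(method, path, body=data, headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        text = resp.read().decode()
    finally:
        conn.close()
    if resp.status >= 400:
        raise RuntimeError(f"{method} {path} failed: {resp.status} {text}")
    return text

def apply_policy():
    """Read the device model, then set the matching SSH option."""
    options = ssh_options(model_name(snapd("GET", "/v2/model")))
    snapd("PUT", "/v2/snaps/system/conf", options)  # like: snap set system service.ssh.disable=...
    return options

if __name__ == "__main__":
    apply_policy()
```

The PUT is answered asynchronously: snapd queues a change, so the option takes effect once that change completes.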