Use cloud-init to add a user to a Linux VM in Azure

This article shows you how to use cloud-init to add a user on a virtual machine (VM) or virtual machine scale sets (VMSS) at provisioning time in Azure. This cloud-init script runs on first boot once the resources have been provisioned by Azure. For more information about how cloud-init works natively in Azure and the supported Linux distros, see cloud-init overview.

Add a user to a VM with cloud-init

One of the first tasks on any new Linux VM is to add an additional user for yourself to avoid the use of root. SSH keys are best practice for security and usability. Keys are added to the ~/.ssh/authorized_keys file with this cloud-init script.

To add a user to a Linux VM, create a file in your current shell named cloud_init_add_user.txt and paste the following configuration. For this example, create the file in the Cloud Shell not on your local machine. You can use any editor you wish. Enter sensible-editor cloud_init_add_user.txt to create the file and see a list of available editors. Choose #1 to use the nano editor. Make sure that the whole cloud-init file is copied correctly, especially the first line. You need to provide your own public key (such as the contents of ~/.ssh/id_rsa.pub) for the value of ssh-authorized-keys: - it has been shortened here to simplify the example.

#cloud-config
users:
  - default
  - name: myadminuser
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - ssh-rsa AAAAB3<snip>

Note

The #cloud-config file includes the - default parameter included. This will append the user, to the existing admin user created during provisioning. If you create a user without the - default parameter - the auto generated admin user created by the Azure platform would be overwritten.

Before deploying this image, you need to create a resource group with the az group create command. An Azure resource group is a logical container into which Azure resources are deployed and managed. The following example creates a resource group named myResourceGroup in the eastus location.

az group create --name myResourceGroup --location eastus

Now, create a VM with az vm create and specify the cloud-init file with --custom-data cloud_init_add_user.txt as follows:

az vm create \
  --resource-group myResourceGroup \
  --name centos74 \
  --image OpenLogic:CentOS:7-CI:latest \
  --custom-data cloud_init_add_user.txt \
  --generate-ssh-keys 

SSH to the public IP address of your VM shown in the output from the preceding command. Enter your own publicIpAddress as follows:

ssh <publicIpAddress>

To confirm your user was added to the VM and the specified groups, view the contents of the /etc/group file as follows:

cat /etc/group

The following example output shows the user from the cloud_init_add_user.txt file has been added to the VM and the appropriate group:

root:x:0:
<snip />
sudo:x:27:myadminuser
<snip />
myadminuser:x:1000:

Next steps

For additional cloud-init examples of configuration changes, see the following: