Removing install user with Packer

Question

When a VM is first created, it gets an install user that is used to run the provisioning. I want to remove this user at the last step because it's not necessarily secure and it's unnecessary. However, Packer runs all of the provisioners as this user. I've tried using Ansible, but it still seems to be using this user in some capacity and thus the Ansible playbook cannot actually remove it without failing (saying that there programs still running as the given user). Rather than bumble around, I'm asking if anyone has any ideas as to how to achieve this goal, which should be simple and has turned out not to be.

score 6 · Answer 1 · answered Apr 30 '21 at 22:12

I found another way that works with packer 1.7 for QEMU, VMware, and VirtualBox. You can remove the user in the shutdown command. This method assumes the user has sudo access.

shutdown_command   = "sudo su root -c \"userdel -rf packer; rm /etc/sudoers.d/90-cloud-init-users; /sbin/shutdown -hP now\""

Joey Coleman · Answer 2 · 2019-05-30T18:42:52.217

I realize this is a rather old question, but I didn't like the idea of using a cronjob (or cloud-init, or anything that happens after the image would be instantiated) for this, and found what I find to be a better solution using packer itself. This works in Packer 1.4:

{
    "type": "shell",
    "skip_clean": true,
    "execute_command": "chmod +x {{ .Path }}; sudo env {{ .Vars }} {{ .Path }} ; rm -f {{ .Path }}",
    "inline": [
        "rm -f /etc/sudoers.d/90-cloud-init-users",
        "/usr/sbin/userdel -r -f fedora",
    ]
}

This assumes your install user is named fedora — it leverages Packer's skip_clean option to skip the deletion of the shell script after the inline section completes (which, given that the fedora user no longer exists, was guaranteed to fail).

Also note that if you have SSH agent forwarding turned on with packer, this may leave traces of the agent socket behind in the image.

score 2 · Accepted Answer · answered Apr 04 '17 at 07:30

2

Schedule a cron job to remove the user with @reboot option or add a few lines to rc scripts to do the same.

answered Apr 04 '17 at 07:30

techraf

4,403

score 0 · Answer 4 · answered Jun 27 '25 at 07:23

After trying out a lot of options, this is what worked for me and cleanest, (no cronjobs, no tweaks):

tested on packer v1.13.1

        {
            "type": "shell",
            "execute_command": "echo 'ubuntu'|sudo -S bash -x {{.Path}}",
            "inline": [
                "userdel -fr ubuntu || true",
                "another_command_here || true"
            ],
            "expect_disconnect": true
        }

Removing install user with Packer

4 Answers4