diff --git a/src/etc/one-context.d/loc-20-set-username-password b/src/etc/one-context.d/loc-20-set-username-password
index 57f2eb5..3441eb4 100755
--- a/src/etc/one-context.d/loc-20-set-username-password
+++ b/src/etc/one-context.d/loc-20-set-username-password
@@ -16,21 +16,19 @@
 # limitations under the License.                                             #
 #--------------------------------------------------------------------------- #
 
-if [ -z "${USERNAME}" ]; then
-    USERNAME=root
-fi
+# defaults
+USERNAME=${USERNAME:-root}
+USERNAME_SHELL=${USERNAME_SHELL:-/bin/bash}
+USERNAME_SUDO=${USERNAME_SUDO:-${GRANT_SUDO:-YES}}
+USERNAME_SUDO=$(echo "${USERNAME_SUDO}" | tr '[:lower:]' '[:upper:]')
+USERNAME_PASSWORD_RESET=${USERNAME_PASSWORD_RESET:-YES}
+USERNAME_PASSWORD_RESET=$(echo "${USERNAME_PASSWORD_RESET}" | tr '[:lower:]' '[:upper:]')
 
 if ! getent passwd "${USERNAME}" > /dev/null 2>&1; then
-    useradd -m "${USERNAME}"
+    useradd -m "${USERNAME}" -s "${USERNAME_SHELL}"
 fi
 
-GRANT_SUDO=${GRANT_SUDO:-YES}
-GRANT_SUDO=$(echo "${GRANT_SUDO}" | tr '[:lower:]' '[:upper:]')
-
-PASSWORD_RESET=${PASSWORD_RESET:-YES}
-PASSWORD_RESET=$(echo "${PASSWORD_RESET}" | tr '[:lower:]' '[:upper:]')
-
-if [ "${GRANT_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
+if [ "${USERNAME_SUDO}" == "YES" ] && [ "${USERNAME}" != "root" ]; then
     echo "${USERNAME} ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/one-context
     chmod 0440 /etc/sudoers.d/one-context
 elif [ -f /etc/sudoers.d/one-context ]; then
@@ -61,6 +59,6 @@ ${PASSWORD}
 ${PASSWORD}
 EOF
 	fi
-elif [ "${PASSWORD_RESET}" = 'YES' ]; then
+elif [ "${USERNAME_PASSWORD_RESET}" = 'YES' ]; then
     usermod -p '*' "${USERNAME}"
 fi