diff --git a/lib/tiny-cloud/init b/lib/tiny-cloud/init
index cb80197..d8322eb 100644
--- a/lib/tiny-cloud/init
+++ b/lib/tiny-cloud/init
@@ -169,16 +169,18 @@ init__create_default_user() {
         return
     fi
 
-    addgroup "$user"
-    adduser -h "/home/$user" -s /bin/sh -G "$user" -D "$user"
-    addgroup "$user" wheel
-    echo "$user:*" | chpasswd -e
+    $MOCK addgroup "$user"
+    $MOCK adduser -h "/home/$user" -s /bin/sh -G "$user" -D "$user"
+    $MOCK addgroup "$user" wheel
+    echo "$user:*" | $MOCK chpasswd -e
 
     # setup sudo and/or doas
-    [ -d "$ROOT/etc/sudoers.d" ] &&
+    if [ -d "$ROOT/etc/sudoers.d" ]; then
         echo '%wheel ALL=(ALL) NOPASSWD: ALL' > "$ROOT/etc/sudoers.d/wheel"
-    [ -d "$ROOT/etc/doas.d" ] &&
+    fi
+    if [ -d "$ROOT/etc/doas.d" ]; then
         echo 'permit nopass :wheel' > "$TARGET/etc/doas.d/wheel.conf"
+    fi
 }
 
 init__enable_sshd() {
diff --git a/tests/init-early.test b/tests/init-early.test
index 57bb3af..b3b1302 100755
--- a/tests/init-early.test
+++ b/tests/init-early.test
@@ -14,7 +14,8 @@ init_tests \
 	find_first_interface_up \
 	auto_detect_ethernet_interface \
 	set_default_interfaces \
-	enable_sshd
+	enable_sshd \
+	create_default_user
 
 PROVIDERS="aws azure gcp nocloud oci"
 
@@ -109,3 +110,12 @@ enable_sshd_body() {
 			sh -c ". $lib; init__enable_sshd"
 	done
 }
+
+create_default_user_body() {
+	atf_check \
+		-o match:"addgroup alpine" \
+		-o match:"adduser.*alpine" \
+		-o match:"addgroup alpine wheel" \
+		-o match:"chpasswd -e" \
+		sh -c ". $lib; init__create_default_user"
+}