adfinis-sygroup.users

Users

This role creates accounts for customers and Adfinis users.

Requirements

This role requires an initial non-root user with sudo permissions on the system ({{users_default_user}}, see Role Variables below).

This user is used to set up the initial user accounts and is then deleted. The deletion occurs in the final task of this role, so the first run will work fine, but if you run it again as this user, you won’t be able to log in.

In a playbook (or sequence of playbooks), it is recommended to apply this role in two ways:

  1. The first time, run with remote_user: {{users_default_user}}.
  2. After that, run with the intended user (either their personal account or root, if allowed).

It’s a good idea to keep one playbook for the initial setup and another for ongoing management.

Role Dependencies

(none)

Role Variables

Mandatory

  • users_root_password_salt (string, default: unset):
    A salt used for hashing the root password.
    Note: This is only required if users_root_password is set and users_root_password_is_hashed is false.

  • users_customer_group (string):
    Name of the system group for all customer user accounts.
    Note: This is only required if users_customer is not empty.

Optional

  • users_root_password (string, default: unset):
    If not set, the root password remains unchanged.
    If set and users_root_password_is_hashed is false, this is the clear-text password, and users_root_password_salt must also be set.
    If set and users_root_password_is_hashed is true, this is considered a hashed password.

  • users_root_password_is_hashed (boolean, default: false):
    If true, it assumes users_root_password has already been hashed (in which case, users_root_password_salt is not needed).

  • users_root_authorized_keys (list, default: []):
    SSH public keys authorized for root login.
    Each element includes:

    • key (string, mandatory): The key data.
    • comment (string, optional, default: unset): A comment attached to the key line (usually user@host).
    • description (string, optional, default: unset): A human-readable description above the key line in the authorized_keys file.
    • options (string, optional, default: unset): Key options to prepend to the key line.

  • users_adfinis (list, default: []):
    Adfinis user accounts to create. Each user will be added to the {{users_adfinis_group}} system group. Conversely, any existing non-system user in this group that is not listed here will be deleted.
    Each element includes:

    • username (string, mandatory): The user account name.
    • authorized_keys (list, default: []): SSH public keys authorized for root login (same structure as users_root_authorized_keys).

  • users_adfinis_group (string, default: adfinis):
    Name of the system group for all Adfinis user accounts.

  • users_adfinis_ssh_pubkey_options (string, default: unset):
    Key options to prepend to all key lines.

  • users_adfinis_homedir_mode (file permission mode, default: 0700):
    File permission mode for each Adfinis user’s home directory.
    Note: Due to a historical issue with Jinja2, the mode must be passed as a string or a specific Ansible option must be set to true.

  • users_adfinis_unrestricted_sudo (boolean, default: true):
    Whether Adfinis users have unrestricted sudo access.

  • users_adfinis_user_remove_home (boolean, default: false):
    Whether to delete the home directory when removing an unlisted Adfinis account.

  • users_customer (list, default: []):
    Customer user accounts to create, each added to the {{users_customer_group}} system group. Each entry has the same structure as users_adfinis.

  • users_customer_homedir_mode (file permission mode, default: 0755):
    File permission mode for each customer’s home directory.
    The default makes the home directory world-readable, so that customers can use sudo -u to run commands as other users and access files in their home directory.
    Note: The Jinja2 note on users_adfinis_homedir_mode above applies here as well.

  • users_customer_unrestricted_sudo (boolean, default: false):
    Whether customer users have unrestricted sudo access.

  • users_default_user (string, default: adfinis):
    Name of the initially existing non-root user account on the system, which will be deleted.

  • users_default_user_remove_home (boolean, default: false):
    Whether to delete the home directory of the initially existing non-root user account.
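
The two-run procedure from Requirements, written out with the variables documented above. This is an added example, not taken from the role's repository; the inventory group new_servers, the file names, the accounts alice and bob, the group name customer, the key placeholders and the vaulted variable vault_users_root_password_hash are assumptions.

```yaml
---
# group_vars/new_servers/users.yml -- shared by both playbooks (assumed layout)
users_default_user: adfinis          # role default; deleted by the final task
# Pre-hashed root password from a vaulted variable (hypothetical name), so no
# clear-text password and no users_root_password_salt are needed.
users_root_password: "{{ vault_users_root_password_hash }}"
users_root_password_is_hashed: true
# At least one listed account must be able to log in and use sudo, because
# the default user no longer exists after the first run
# (users_adfinis_unrestricted_sudo defaults to true).
users_adfinis:
  - username: alice                  # constructed account
    authorized_keys:
      - key: "<alice public key data>"       # placeholder
        comment: alice@workstation
        description: Alice, workstation key
users_adfinis_homedir_mode: "0700"   # quoted, so the mode is passed as a string
users_customer_group: customer       # mandatory because users_customer is set
users_customer:
  - username: bob                    # constructed account
    authorized_keys:
      - key: "<bob public key data>"         # placeholder
        options: "no-agent-forwarding,no-port-forwarding"
users_customer_unrestricted_sudo: false
---
# bootstrap.yml -- first run only, connecting as the default user
- hosts: new_servers
  remote_user: adfinis               # the value of users_default_user
  become: true                       # assumption: escalate via that user's sudo
  roles:
    - adfinis-sygroup.users
---
# manage.yml -- every later run, connecting as a personal account
- hosts: new_servers
  remote_user: alice
  become: true
  roles:
    - adfinis-sygroup.users
```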

Role Tags

  • init: Combines role::users:root and role::users:adfinis.
  • role::users: All tasks in this role.
  • role::users:root: Tasks that set up the root user account.
  • role::users:adfinis: Tasks that set up Adfinis user accounts.
  • role::users:adfinis:create: Tasks to set up Adfinis user accounts without deletion.
  • role::users:adfinis:delete: Tasks to delete unnecessary Adfinis user accounts.
  • role::users:customer: Tasks that set up customer user accounts.
  • role::users:default: Tasks that clean up the default user account.

Support Policy

Only the latest release is supported and maintained (see the Tags page).

Once a new release is available, the previous release branch will not receive bug fixes.

About the project

Create and remove POSIX users and groups, add or remove SSH keys

Install
ansible-galaxy install adfinis-sygroup.users
License
Unknown
Downloads
3.5k
Owner
Adfinis SyGroup was rebranded to Adfinis, follow the link below: