guidugli.user

Ansible Role: User

This Ansible role sets up user login details and user policies, and performs security checks on users and groups. It works on RHEL/CentOS, Fedora, and Debian/Ubuntu.

Requirements

No extra requirements needed.

Role Variables

Here are the available variables and their default values (check defaults/main.yml):

  • user_skip_config: false
    If set to true, the role skips all user configuration and only adds or removes users and groups.

  • user_new_password: "{{ vault_admin_password }}"
    Holds the new password to use if the password of the user running Ansible changes. It's best to keep this password in a separate encrypted file.

  • user_configure_single_user: no
    Set this to configure single user mode (the root password must be set).

  • user_max_days: 365
    The number of days before the password expires.

  • user_min_days: 7
    The number of days that must pass before a user can change their password.

  • user_inactive_days: 30
    The number of days before a user is considered inactive.

  • user_warn_age: 7
    The number of days before the password expires at which a warning is shown to the user.

  • user_umask: '027'
    The UMASK value used by all users.

  • user_shell_timeout: 900
    The timeout for shells, in seconds.

  • user_fix_existing_accounts: yes
    If set to true/yes, the role performs security checks on users and groups.

  • root_password: ''
    This sets the root password.

  • user_account_add: []
    This is for adding or changing user accounts. The default value is an empty list. You can see an example commented out above. Each entry accepts all options from ansible.builtin.user plus one extra option, "linger". If linger is not specified, the account's lingering setting is not changed.

  • user_account_remove: []
    List of usernames to be removed from the system.

  • user_group_add: []
    This is for adding new groups. The default is an empty list, and you must include the group name.

  • user_group_remove: []
    This is for removing groups from the system.

  • user_alias: []
    Create or remove aliases in the user's bashrc file. The command is not needed when removing an alias.

Dependencies

None.

Example Playbook

- hosts: servers
  vars:
    user_max_days: 365
    user_min_days: 7
    user_inactive_days: 30
    user_warn_age: 7
    user_umask: '027'
    user_shell_timeout: 900
    user_fix_existing_accounts: yes
    root_password: mypass
    user_account_add:
      - name: example
        comment: This is an example
        uid: 1076
        groups: ['admin']
        shell: /bin/bash
        password: encpwd
        linger: false
    user_account_remove:
      - removeme
    user_group_add:
      - name: admin
        gid: 760
    user_group_remove:
      - mygroup
    user_alias:
      - user: example
        alias: myls
        command: ls -l --color=auto
        state: present

  roles:
     - { role: guidugli.user }
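
One way to check a host after the role has run, as an added example that is not part of the role: it audits shadow(5) password-aging fields against the default values listed under Role Variables. It assumes user_min_days, user_max_days, user_warn_age and user_inactive_days correspond to the min, max, warn and inactive fields of /etc/shadow; the function names and the sample entries are constructed for illustration.

```python
# Added example: audit shadow(5) aging fields against this role's defaults.
# Assumption: the role's user_*_days / user_warn_age values land in the
# min, max, warn and inactive fields of /etc/shadow.
POLICY = {"min": 7, "max": 365, "warn": 7, "inactive": 30}

# Constructed sample in /etc/shadow format (hashes are placeholders).
SAMPLE_SHADOW = """\
root:$6$placeholder$hash:19000:7:365:7:30::
example:$6$placeholder$hash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
legacy:$6$placeholder$hash:19000:7:365:3:30::
# comment line
broken:line
"""

def _num(field):
    """Empty shadow fields mean 'not set'; return None for them."""
    return int(field) if field.lstrip("-").isdigit() else None

def audit_shadow(text, policy=POLICY):
    """Return {user: [findings]} for accounts that are not locked."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 9:
            continue  # skip comments and malformed entries
        user, pw = parts[0], parts[1]
        if pw[:1] in ("!", "*"):
            continue  # locked account: password aging is not relevant
        mn, mx, warn, inact = (_num(f) for f in parts[3:7])
        issues = []
        if pw == "":
            issues.append("empty password field")
        if mx is None or mx > policy["max"]:
            issues.append(f"max={mx} (want <= {policy['max']})")
        if mn is None or mn < policy["min"]:
            issues.append(f"min={mn} (want >= {policy['min']})")
        if warn is None or warn < policy["warn"]:
            issues.append(f"warn={warn} (want >= {policy['warn']})")
        if inact is None or not 0 <= inact <= policy["inactive"]:
            issues.append(f"inactive={inact} (want 0..{policy['inactive']})")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user}: " + "; ".join(issues))
```

On a real host, pass the contents of /etc/shadow (read as root) to audit_shadow instead of the sample.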

License

MIT / BSD

Author Information

This role was created in 2020 by Carlos Guidugli.

About the project

Add/Remove users; define and check security settings

Install
ansible-galaxy install guidugli.user
License
mit
Downloads
142