route1337.linux_users

Ansible Role - Linux Users

This repository has the Ansible role for managing Linux Users (linux_users).

What this role does

This role helps you create, update, and delete Linux user accounts and their SSH keys based on the provided inventory.

What it Does:

  1. Set up user groups:
    1. Create a sysadmins group for users who can use sudo without a password.
    2. Create a sysusers group for users who cannot use sudo.
    3. Create a svcaccounts group for service accounts that can use sudo without a password.
  2. Manage the root user:
    1. Handle root's password and SSH keys.
  3. Manage non-root users:
    1. Create, update, or delete user accounts.
    2. Create, update, or delete home directories for users.
    3. Manage users’ SSH keys.
    4. Oversee which groups users belong to (they should be part of one of the above groups).

Caveats

Here are some important notes to remember:

  1. The root password must be pre-encrypted.
  2. Because SSH keys are set with exclusive: yes, multiple keys for one user must be supplied together, in one of two ways:
    1. Use a single string with newline characters between the keys.
    2. Use a URL pointing to GitHub keys.
  3. Non-root users will not have passwords since they can use sudo without one, and they won't have local login access.
  4. Users who have home directories in /home/ but are not listed in linux_users.users will be deleted.
    1. This method of managing unapproved users isn't ideal and will be improved in the future.

Variables

You need to set the following required variable:

  1. linux_users.root_password - The already-encrypted password for the root user.

You can optionally set the following variables:

  1. linux_users.root_key - The SSH key(s) for the root user. If you don't define this, root's authorized_keys file will be removed.
  2. linux_users.users - A list of user accounts with the following details. If you don’t define this, user accounts will not be managed.
    users:
      - username: pgibbons
        key: "ssh-rsa BLAH BLAH BLAH"
        comment: Peter Gibbons
        group: sysadmins
      - username: mbolton
        key: https://github.com/notthatmichaelbolton.keys
        comment: Michael Bolton
        group: sysusers
      - username: svc-ghactions
        key: "ssh-rsa BLAH BLAH BLAH\nssh-rsa BLEH BLEH BLEH"
        comment: ServiceAccount-GitHub Actions
        group: svcaccounts
    

The following variable is mainly for testing:

  1. is_kitchen - If this is defined, the roles in tests/roles will create sample users for testing deletion of unapproved users. Also, the user_cleanup.yml play will keep the vagrant user from being deleted.
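
A pre-flight check for the variables and caveats above, added here as an example (it is not part of the role's own code). It flags a root password that is not pre-encrypted, a group outside the three the role creates, and malformed keys, and it lists which /home entries caveat 4 would delete. The function names, regexes, and sample data are assumptions constructed for illustration.

```python
import re

GROUPS = {"sysadmins", "sysusers", "svcaccounts"}  # the three groups the role creates
CRYPT_RE = re.compile(r"^\$[0-9a-z]+\$.+")  # assumption: modular crypt format, e.g. $6$salt$hash
KEY_RE = re.compile(r"^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-\S+|sk-\S+) \S+")

def check_inventory(linux_users):
    """Return a list of problems found in a linux_users mapping."""
    problems = []
    if not CRYPT_RE.match(linux_users.get("root_password", "")):
        problems.append("root_password is missing or not pre-encrypted")
    if "root_key" not in linux_users:
        problems.append("root_key undefined: root's authorized_keys will be removed")
    for user in linux_users.get("users", []):
        name = user.get("username", "<unnamed>")
        if user.get("group") not in GROUPS:
            problems.append(f"{name}: group must be one of {sorted(GROUPS)}")
        key = user.get("key", "")
        if key.startswith("https://"):
            continue  # URL form, e.g. a GitHub .keys URL
        if not key or not all(KEY_RE.match(line) for line in key.split("\n")):
            problems.append(f"{name}: key is not a URL or newline-separated public keys")
    return problems

def homes_to_delete(home_dirs, linux_users, keep=()):
    """Names under /home that are not listed in linux_users.users (caveat 4)."""
    if "users" not in linux_users:
        return []  # assumption: with users undefined, accounts are not managed
    approved = {u["username"] for u in linux_users["users"]} | set(keep)
    return sorted(set(home_dirs) - approved)

# Constructed sample data (not from a real host or inventory).
SAMPLE = {
    "root_password": "changeme",  # plaintext on purpose: should be flagged
    "users": [
        {"username": "pgibbons", "key": "ssh-rsa AAAA...", "group": "sysadmins"},
        {"username": "mbolton", "key": "https://github.com/notthatmichaelbolton.keys", "group": "sysusers"},
        {"username": "svc-ghactions", "key": "ssh-rsa AAAA1\nssh-rsa AAAA2", "group": "wheel"},
    ],
}
SAMPLE_HOMES = ["pgibbons", "mbolton", "vagrant", "olduser"]  # directory names under /home

if __name__ == "__main__":
    for problem in check_inventory(SAMPLE):
        print("WARN:", problem)
    print("would delete:", homes_to_delete(SAMPLE_HOMES, SAMPLE, keep=["vagrant"]))
```

On a real host, pass the output of os.listdir("/home") as home_dirs and review the result before the first run of the role.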

Testing

This role has been fully tested with Test Kitchen using sample inventory data from this repository.
Please see TESTING.md for more details and instructions for testing.

Support This Ansible Role

The open-source code from Route 1337 LLC relies on donations. If you find this Ansible role useful, please consider supporting it through the GitHub Sponsors button.

Thank you for your support!

About the project

Extremely basic user account management for Ubuntu and CentOS servers

Install
ansible-galaxy install route1337.linux_users
License
mit
Downloads
183
Owner
Modern InfoSec, Zero Trust, and DevOps consulting for Web2 and Web3 clients.