taktus.users

Ansible Role: Users

This role helps manage users on a system.

Configuration Options

  • users_create_per_user_group (default: true) - Create a group for each user with the same name, and set it as the user's main group.
  • users_group (default: users) - If groups are not created for each user, this will be the main group for all users.
  • users_default_shell (default: /bin/bash) - The default shell for users if not specified.
  • users_create_homedirs (default: true) - Create home directories for new users. Set to false if you handle home directories in a different way.

Adding Users

To add users, create a variable called users with a list of the users you want to create. You can place this variable in group_vars/all or group_vars/groupname for specific machines.

Each user must have the following details:

  • username - The user's name.
  • name - The user's full name.
  • home - The user's home directory (optional, defaults to /home/username).
  • uid - The user's numeric ID (optional). Useful for consistency across systems.
  • gid - The group's numeric ID (optional). Defaults to the user's uid if not provided.
  • password - If provided as a hash, it will be used; otherwise, the account will be locked.
  • update_password - Can be 'always' (update if different) or 'on_create' (set only for new users).
  • group - Optional main group override.
  • groups - List of additional groups for the user.
  • append - If yes, add groups without replacing existing ones (optional).
  • profile - Custom shell profile settings.
  • ssh_key - List of SSH keys for the user (optional). Include them directly without newlines.
  • generate_ssh_key - Whether to create an SSH key for the user (optional, default is no).

Additional optional details for users:

  • shell - The user's shell (default: /bin/bash). Can be changed globally using users_default_shell.
  • is_system_user - Set to True to create a system user.

Example:

---
users:
  - username: foo
    name: Foo Bar
    groups: ['admin','systemd-journal']
    uid: 1005
    home: /local/home/foo
    profile: |
      alias ll='ls -ahl'
    ssh_key:
      - "ssh-rsa AAAAA.... foo@server"
      - "ssh-rsa AAAAB.... foo2@server"
groups_to_create:
  - name: developers
    gid: 20000

Generating Password Hashes

To create a password hash, use one of the following methods:

  • Debian/Ubuntu (with the "whois" package):

    mkpasswd --method=SHA-512 --rounds=4096
    
  • OpenSSL (produces less secure md5crypt):

    openssl passwd -1
    
  • Python (change password and salt values; the crypt module was removed in Python 3.13):

    python -c "import crypt; print(crypt.crypt('password', '\$6\$SALT\$'))"
    
  • Perl (change password and salt values):

    perl -e 'print crypt("password","\$6\$SALT\$") . "\n"'
    

Deleting Users

The users_deleted variable lists users to remove from the system during the next Ansible run. Format is the same as for adding users, but only username is required. It’s good practice to keep the uid for reference, to avoid accidental reuse.

You can also decide to remove the user's home directory and mail spool using the remove option, and force file deletion with force.

Example:

users_deleted:
  - username: bar
    uid: 1003
    remove: yes
    force: yes
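
A pre-flight lint for the users and users_deleted variables, added here as an example (not part of the role): it flags password values that are not crypt hashes or that use md5crypt, ssh_key entries containing newlines, and uids that reuse one kept under users_deleted. The function name lint_users, the regular expression and the sample data are assumptions made for this example.

```python
import re

# Modular crypt format: $id$[params$]salt$hash (SHA-512 is id 6, md5crypt is id 1).
CRYPT_RE = re.compile(r"^\$(?P<id>[0-9a-z]+)\$(?:[^$\s]+\$)+[./A-Za-z0-9]{20,}$")
WEAK_IDS = {"1": "md5crypt"}  # the README calls md5crypt less secure


def lint_users(users, users_deleted=()):
    """Return (username, problem) tuples for the role's users/users_deleted vars."""
    findings = []
    retired = {u["uid"]: u["username"] for u in users_deleted if "uid" in u}
    seen = {}
    for user in users:
        name = user["username"]
        pw = user.get("password")
        if pw is not None:
            match = CRYPT_RE.match(pw)
            if match is None:
                findings.append((name, "password is not a crypt hash"))
            elif match.group("id") in WEAK_IDS:
                findings.append((name, "password uses " + WEAK_IDS[match.group("id")]))
        for key in user.get("ssh_key", []):
            if "\n" in key or "\r" in key:
                findings.append((name, "ssh_key entry contains a newline"))
        uid = user.get("uid")
        if uid is not None:
            if uid in retired:
                findings.append((name, "uid %d was used by deleted user %s" % (uid, retired[uid])))
            if uid in seen:
                findings.append((name, "uid %d is also assigned to %s" % (uid, seen[uid])))
            seen[uid] = name
    return findings


# Constructed sample data: the hash strings are shape-only placeholders, not real hashes.
SAMPLE_USERS = [
    {"username": "foo", "uid": 1005, "password": "$6$rounds=4096$SALTSALT$" + "A" * 86,
     "ssh_key": ["ssh-rsa AAAAA.... foo@server"]},
    {"username": "baz", "uid": 1003, "password": "hunter2"},
    {"username": "qux", "password": "$1$SALT$" + "B" * 22,
     "ssh_key": ["ssh-rsa AAAAB....\nfoo2@server"]},
]
SAMPLE_DELETED = [{"username": "bar", "uid": 1003}]

if __name__ == "__main__":
    for who, problem in lint_users(SAMPLE_USERS, SAMPLE_DELETED):
        print("%s: %s" % (who, problem))
```

Run it against the parsed group_vars before a play so a plaintext password or a recycled uid is caught before it reaches a host.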

Dependencies

None.

License

MIT

Install

    ansible-galaxy install taktus.users