accounts.md 1.38 KB
Newer Older
1
2
# `sys::accounts`

3
4
5
6
7
8
Create user accounts.

`attributes/accounts.rb`  
`recipes/accounts.rb`  
`tests/roles/sys_accounts_test.rb`  

9
## Standard user ressource attributes
10

11
12
Attributes are set beneath `node['sys']['accounts'][_username_]`.
It wraps the `user` resources, thus supports all of its options.
13

14
### Example
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

    :sys => {
      :accounts => {
        :kirk => {
          :uid => 1111,
          :shell => '/bin/bash'
        },
        :spock => {
          :system => true
        },
        :sulu => {
          :action => :remove
        },
        :uhura => {
          :home => '/home/uhura',
          :password => '$6$M4oxTop4k/2kd1nmrsiZdFfzKr1Q/',
31
          :manage_home => true
32
33
34
35
        }
      }
    }

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

## Non-standard attributes

`sys::accounts` supports additional attributes:

### Remote access

`node['sys'}['accounts'][_username_]['remote']` will add a rule
to `/etc/security/access.conf` cf. `recipes/pam.rb`, eg:

    sys: {
      accounts: {
        picard: {
          remote: 'ALL'
        }
        riker: {
          remote: 'ncc.1701.de'
        }
      }
    }

### sudo permissions

`node['sys'}['accounts'][_username_]['sudo']` will add a rule
to `/etc/sudoers.d/localadmin` cf. `recipes/sudo.rb`, eg:

    sys: {
      accounts: {
        q: {
          sudo: 'NOPASSWD: ALL'
        }
        picard: {
          sudo: '/sbin/shutdown'
        }
      }
    }