Skip to content
Snippets Groups Projects

Users

https://travis-ci.org/adarnimrod/users.svg?branch=master

An Ansible role to create users, groups, email aliases, configure sudo and lock down root account SSH access. The intended use case is to replace setting up an LDAP or NIS server. The role also installs sudo and creates a sudoers group that can use sudo with a password. A password is also set if provided. For generating the password hash needed, under Debian run: echo MyPassword | mkpasswd -m sha-512 -s and under OpenBSD run: echo MyPassword | encrypt. If provided, email alias and SSH authorized keys are set. If users_lock_root_ssh is set to True (by default it is) then SSH root login is disabled. Another use case is to manage system users, for example to disable the local root login add root to the users variable with the password *************, setting an email address will also set mail forwarding.

Requirements

See meta/main.yml and assertions at the top of tasks/main.yml.

Role Variables

See defaults/main.yml.

Dependencies

See meta/main.yml.

Example Playbook

See tests/playbook.yml.

Testing

Testing requires Python 2.7, Vagrant and Virtualbox. Install the Python dependencies, dependent roles and roles required for testing:

pip install -r tests/requirements.txt
ansible-galaxy install git+file://$(pwd),$(git rev-parse --abbrev-ref HEAD) -p .molecule/roles
molecule dependency

To run the full test suite:

pre-commit run --all-files
molecule test --platform all

License

This software is licensed under the MIT license (see the LICENSE.txt file).

Author Information

Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/git/.