[chef] Re: Locking User Accounts

Chronological Thread 
  • From: AJ Christensen < >
  • To:
  • Subject: [chef] Re: Locking User Accounts
  • Date: Mon, 1 Nov 2010 13:17:55 -0700


On 1 November 2010 12:41, Jacob Vanderdray < "> > wrote:

       I'm working on making the users cookbook work for doing more general user management.  I've created a default recipe and I've got it now adding users defined in a data bag (even if they aren't in the sysadmin group).  I want to be able to lock accounts, so I've added a "locked" attribute to the data bag entries.  I also added the following to my recipe:

 # Lock or unlock the account
 user u['id'] do
   if u['locked'] then
     action :lock
     action :unlock

       I'm not getting any errors, but when I set the lock attribute to true on an entry and run chef-client in debug mode it reports:

[Mon, 01 Nov 2010 12:20:30 -0700] DEBUG: No need to lock user[jvanderdray]

It's (supposed to be) idempotent, so you'd only receive this error when jvanderdray was locked already. What platform are you on? What does the output of `passwd -S jvanderdray` say?



Archive powered by MHonArc 2.6.16.