[chef] Re: Re: Managing users and groups - Current best practice

["John E. Vincent (lusis)" < >]

On Wed, Nov 24, 2010 at 12:45 AM, Allan Wind
<
 >
 wrote:
> If your list of users is comprehensive (users).  Then find the
> list of current users (current_users).  users - current_users
> is the new users.   current_users - users is the users that
> should be deleted (where '-' is the set minus operator).
>
> Seems like a general useful thing to diff things in Chef.  I used
> this algorithm to handle munin plugins.
>
> You might need other logic to avoid deleting users installed by
> packages (i.e. if you cannot maintain a comprehensive users
> list), and it may well be that you need to explicitly indicate
> which users to delete either via a data bag as you suggested, or
> my having a status or action per user in the users data bag.
> Unexpected users could then generate warnings/errors.  If you
> have create and modification timestmps (as in LDAP) you can
> reduce the set of data you need to look at.  LDAP also has a
> cn=changelog which you could watch for suitable events.
>
> Debian have a standard for uid ranges, not sure if this goes for
> all distributions, but it would allow you to exclude from
> consideration package created users.
>
>
> /Allan
> --
> Allan Wind
> Life Integrity, LLC
> <http://lifeintegrity.com>
>

So I wanted to share what I ended up doing. I tried a few different
methods using Set and what not. The set didn't quite work the way I
wanted so for now I'm using Array#delete_if to compare the id of users
with deleted_users. This is not the most efficient but having just
found time to dive back into it today, I went with the quickest
solution:

https://gist.github.com/732237