[chef] User management - what's your solution?

[Steffen Gebert < >]

Hi,

as I'm about to introduce Chef at a second organization, I want to do
one thing right from the beginning: (Linux) User management.

What's your way to do that?

In my first project, we

* use opscode's users cookbook to bring accounts + ssh keys from
sysadmins to all clients.

* for some cookbooks, we use fnichol's user. IIRC because back then only
there it was possible to add more than one SSH key and it looked pretty
nice (and it still does)

* still lack a clean solution for sudo management. Sysadmins are allowed
to sudo everywhere, but here and there other users should also be able
to. Having either a sub-entry in the user's data bag with hostnames of
the servers with sudo permissions, or a hosts data bag listing all
sudo-allowed users sounds convenient to me.

* haven't thought about managing users with access to a particular vhost
(we have the concept that there's a user exampleorg responsible for
example.org and all people with access should get their SSH key deployed
into exampleorg's authorized_keys).

Having re-read user and user's README gives me the impression that after
pretty much thinking this should be possible with opscode's user CB
(except the sudo thing, which IMHO only works with the additional hosts
data bag).

So what's your solution? Do you rely only on opscode's user CB? Do you
know any resources covering this topic and presenting a good solution?

Thanks a lot for your feedback!

Steffen