[chef] Re: User Management


  • From: ANGELA EBIRIM < >
  • To:
  • Subject: [chef] Re: User Management
  • Date: Wed, 25 Mar 2015 15:02:03 +0000 (GMT)

Hi,

Does anyone know how to extract the list of current users on a node?

I've been interrogating the OHAI attributes of a node (I'm sure it would be a node attribute) but can't find it.

Many thanks
Sent from iCloud

On Mar 18, 2015, at 04:50 AM, ANGELA EBIRIM < > wrote:

Hi Jake,

Many thanks for this tip. It worked and saved me a lot of bother!

Regards
Sent from iCloud

On Mar 17, 2015, at 03:10 PM, Jake Plimack < > wrote:

you can easily manage your users by group using `users_manage`

what I think you mean is that chef will pick up on changes manually made to a server and mutate the data bags accordingly.  updating data bags from the script seems unnecessary, and creates a situation where there is no source of truth.  is it windows? unix? chef (databags)?  ldap/AD?  if you're not using ldap, stick to data bags.  You are probably creating race conditions and security holes that could end up in a very screwed up state.... like 1 box getting rooted, my user deleted or a privileged user created, and then you're fubar.  I'm personally more interested in the users that I didn't make that are not service users, those I'd like to know about and probably purge.

If you just mean that if a user that should be there gets deleted and you want it recreated, then that is also provided for you by users_manage out of the box.  Every chef run will check that the user exists and perform whatever actions specified for users of the group provided to users_manage.

all you'll need is a users databag (see examples from the readme) and to put users into a group "users-that-should-exist"

users_manage 'users-that-should-exist' do
  action :create
end

and if you have a list of users you want removed

users_manage 'delete-these-users' do
  action :remove
end



On Tue, Mar 17, 2015 at 3:46 PM, ANGELA EBIRIM < > wrote:
Hello everyone,

Wondering if I can pick your collective brains...

I have a situation where users are created and deleted on a chef server using a ruby script that would add/remove encrypted databags accordingly. However I'd like a situation where the creation/deletion of users, on windows and linux boxes, is completely automated.

For example, if a user is deleted, the recipe compares the userlist on chef with the members of the sysadmin group on unix to see who is missing. Once that is determined, within the recipe, the user resource is then applied to the unix box according to the now modified userlist.

What do you think? 

Thanks Angela


Sent from iCloud
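
Added example, not part of the original thread or of the users cookbook: a plain-Ruby audit that lists the accounts present on a box and compares them with the users data bag, flagging interactive accounts nobody declared, extra UID 0 accounts, and declared users that are missing. The passwd text and data bag items are constructed samples; the item shape (`id`, `groups`), the UID threshold of 1000 and the no-login shell list are assumptions. On Linux nodes Ohai's passwd plugin publishes the same fields under `node['etc']['passwd']`.

```ruby
# Added example: audit local accounts against the users data bag.
NOLOGIN_SHELLS = %w[/sbin/nologin /usr/sbin/nologin /bin/false].freeze # assumption
UID_MIN = 1000 # assumption: human accounts start here (common Linux default)

# Constructed /etc/passwd content for illustration.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  angela:x:1001:1001:Angela:/home/angela:/bin/bash
  jake:x:1002:1002:Jake:/home/jake:/bin/bash
  mallory:x:1003:1003::/home/mallory:/bin/bash
  admin2:x:0:0::/root:/bin/bash
  nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
PASSWD

# Constructed data bag items (hypothetical shape: id + groups).
SAMPLE_BAG = [
  { 'id' => 'angela', 'groups' => ['users-that-should-exist'] },
  { 'id' => 'jake',   'groups' => ['users-that-should-exist'] },
  { 'id' => 'carol',  'groups' => ['users-that-should-exist'] }
].freeze

# Parse passwd(5) text into hashes, skipping blank or malformed lines.
def parse_passwd(text)
  text.each_line.map do |line|
    name, _pw, uid, gid, _gecos, home, shell = line.strip.split(':', 7)
    next unless shell && uid.to_s.match?(/\A\d+\z/)
    { name: name, uid: uid.to_i, gid: gid.to_i, home: home, shell: shell }
  end.compact
end

# Compare what exists on the box with what the data bag group declares.
def audit_users(passwd_text, bag_items, group)
  local = parse_passwd(passwd_text)
  managed = bag_items.select { |i| Array(i['groups']).include?(group) }.map { |i| i['id'] }
  interactive = local.reject { |u| NOLOGIN_SHELLS.include?(u[:shell]) }
  {
    unmanaged: interactive.select { |u| u[:uid] >= UID_MIN && !managed.include?(u[:name]) }.map { |u| u[:name] },
    extra_uid0: local.select { |u| u[:uid].zero? && u[:name] != 'root' }.map { |u| u[:name] },
    missing: managed - local.map { |u| u[:name] }
  }
end
```

The result is report-only, so the data bag stays the single source of truth and anything flagged is reviewed before a `:remove` is declared for it.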



