Forge Home

Modules

Resources

PuppetEcosystemPuppet CommunityUpdates

accounts

Account management module.
Project URLRSS FeedReport issues

923,819 downloads

195 latest version

4.1 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 8.2.0 (latest)
  • 8.1.1
  • 8.1.0
  • 8.0.0
  • 7.3.1
  • 7.3.0
  • 7.2.0
  • 7.1.1
  • 7.1.0
  • 7.0.2
  • 7.0.1
  • 7.0.0
  • 6.4.0
  • 6.3.0
  • 6.2.0
  • 6.1.1
  • 6.1.0 (deleted)
  • 6.0.0
  • 5.0.0
  • 4.2.0
  • 4.1.0
  • 4.0.0
  • 3.2.0
  • 3.1.0
  • 3.0.0
  • 2.0.0
  • 1.3.0
  • 1.2.1
  • 1.2.0
  • 1.1.0
  • 1.0.0
released Dec 8th 2015
This version is compatible with:
  • Puppet Enterprise >= 2015.3.0 < 2015.4.0
  • Puppet >= 4.0.0 < 5.0.0
  • , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppetlabs-accounts', '1.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppetlabs-accounts
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppetlabs-accounts --version 1.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppetlabs/accounts — version 1.0.0 Dec 8th 2015

accounts

Table of Contents

  1. Description
  2. Setup - The basics of getting started with accounts
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

The accounts module manages resources related to login and service accounts. This module replaces Puppet Enterprise's built-in pe_accounts module, which was removed from PE 2015.3 and later.

This module works on many UNIX/Linux operating systems. It does not support configuring accounts on Microsoft Windows platforms.

Setup

Beginning with accounts

Declare the accounts class in a Puppet-managed node's manifest:

node default {
  accounts::user { 'dan': }
  accounts::user { 'morgan': }
}

The above example creates accounts, home directories, and groups for Dan and Morgan.

Usage

Declare user accounts

accounts::user { 'bob':
  uid      => 4001,
  gid      => 4001,
  shell    => '/bin/bash',
  password => '!!',
  sshkeys  => "ssh-rsa AAAA...",
  locked   => false,
}

Customize the home directory

A simple bashrc and bash_profile rc file is managed by Puppet for each account. These rc files add some simple aliases, update the prompt, add ~/bin to the path, and source the following files (which are not managed by this module) in the following order:

  1. /etc/bashrc
  2. /etc/bashrc.puppet
  3. ~/.bashrc.custom

Account holders can customize their shells by managing their bashrc.custom files. In addition, the system administrator can make profile changes that affect all accounts with a bash shell by managing the /etc/bashrc.puppet file.

Lock accounts

Lock accounts by setting the locked parameter of an account to true.

For example:

accounts::user { 'villain':
  comment => 'Bad Person',
  locked  => true
}

The accounts module sets the account to an invalid shell appropriate for the system Puppet is managing and displays the following message if a user tries to access the account:

$ ssh villain@centos56
This account is currently not available.
Connection to 172.16.214.129 closed.

Manage SSH keys

Manage SSH keys with the sshkeys attribute of the accounts::user define. This parameter accepts an array of public key contents as strings.

Example:

accounts::user { 'jeff':
  comment => 'Jeff McCune',
  groups  => [
    'admin',
    'sudonopw',
  ],
  uid     => '1112',
  gid     => '1112',
  sshkeys => [
    'ssh-rsa AAAAB3Nza...== jeff@puppetlabs.com',
    'ssh-dss AAAAB3Nza...== jeff@metamachine.net',
  ],
}

Reference

Define: accounts::user

This resource manages the user, group, .vim/, .ssh/, .bash_profile, .bashrc, homedir, .ssh/authorized_keys files and directories.

bashrc_content

The content to place in the user's ~/.bashrc file. Default: undef

bash_profile_content

The content to place in the user's ~/.bash_profile file. Default: undef

comment

A comment describing or regarding the user. Accepts a string. Default to $name.

ensure

Specifies whether the user, its primary group, homedir, and ssh keys should exist. Valid values are present and absent. Defaults to present. Note that when a user is created, a group with the same name as the user is also created. Default 'present'.

gid

Specifies the gid of the user's primary group. Must be specified numerically. Default undef.

groups

Specifies the user's group memberships. Valid values: an array. Default: an empty array.

home

Specifies the path to the user's home directory. Default: /home/$name on linux and /export/home/$name on Solaris for non-root users, and /root on linux and / on Solaris for the root user.

home_mode

Manages the user's home directory permission mode. Valid values are in octal notation, specified as a string. Defaults to '0700', which gives the owner full read, write, and execute permissions, while group and other have no permissions.

locked

Whether the account should be locked and the user prevented from logging in. Set to true for users whose login privileges have been revoked. Valid values: true, false. Default: false.

managehome

Whether the user's home directory should be managed by puppet. In addition to the usual user resource managehome qualities, this attribute also purges the user's homedir if ensure is set to absent and managehome is set to true. Default: true.

membership

Whether specified groups should be considered the complete list (inclusive) or the minimum list (minimum) of groups to which the user belongs. Valid values: 'inclusive', 'minimum'. Default: 'minimum'.

password

The user's password, in whatever encrypted format the local machine requires. Defaults to '!!', which prevents the user from logging in with a password.

shell

Manages the user shell. Default: '/bin/bash'.

sshkeys

An array of SSH public keys associated with the user. These should be complete public key strings that include the type and name of the key, exactly as the key would appear in its id_rsa.pub or id_dsa.pub file. Must be an array. Defaults to an empty array.

uid

Specifies the user's uid number. Must be specified numerically. Default: undef.

Limitations

This module works with Puppet Enterprise 2015.3 and later.

Changes from pe_accounts

The accounts module is designed to take the place of the pe_accounts module that shipped with PE 2015.2 and earlier. Some of the changes include the removal of the base class, improving the validation, and allowing more flexibility for which files should or should not be managed in a user's home directory. For example, the .bashrc and .bash_profile files are not managed by default but allow custom content to be passed in using the bashrc_content and bash_profile_content parameters. The content for these two files as managed by pe_accounts may continue to be used by passing bashrc_content => file('accounts/shell/bashrc') and bash_profile_content => file('accounts/shell/bash_profile') to the accounts::user type.

Development

If you run into an issue with this module, or if you would like to request a feature, please file a ticket.

If you have problems getting this module up and running, please contact Support.