Ansible for user management - removing dead accounts

Bartosz Bilicki · May 25, 2016 · Viewed 8.5k times

How do I efficiently manage user accounts in Ansible? I want to keep user accounts and certificates in a list.

When running the playbook I would like to create every account from the list (that's easy). I also want to remove accounts that exist on the host but are not present in the list.

For now, I figured out how to list existing accounts: awk -F: '($3 >= 1000) {printf "%s\n",$1}' /etc/passwd

and compare it with my list, removing unwanted accounts.

Is there an easier way, a module that does that out of the box?

Answer

Dennis Winter · Aug 11, 2017

Search for user-id > 1000 when parsing /etc/passwd and add nobody to the list of valid users. This way you're not removing any system users.

vars:
  myusers: ['nobody', 'obama', 'trump', 'clinton', 'you', 'me']

tasks:
  # List every account whose UID is above 1000 (the regular-user range);
  # the shell task only reads, so it should never report a change
  - shell: "getent passwd | awk -F: '$3 > 1000 {print $1}'"
    register: users
    changed_when: false

  # Delete any of those accounts that is not on the approved list;
  # remove=yes also deletes the home directory and mail spool
  - user:
      name: "{{ item }}"
      state: absent
      remove: yes
    with_items: "{{ users.stdout_lines }}"
    when: item not in myusers

Remember to add nobody to your list of valid users.
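As an added example that is not part of the answer above: the same policy written as a complete playbook that reads the account database with Ansible's own getent module instead of shelling out to awk, so no stdout parsing is needed. The host group, the approved names and the UID threshold of 1000 are assumptions; nobody is kept on the list because its high UID would otherwise match.

```yaml
- hosts: all            # assumed inventory group
  become: true
  vars:
    # Approved accounts (constructed); nobody stays because its UID is
    # far above the threshold and must never be removed
    myusers: ['nobody', 'alice', 'bob']

  tasks:
    - name: Read the passwd database on the target
      ansible.builtin.getent:
        database: passwd
      # Sets the fact getent_passwd: {name: [passwd, uid, gid, gecos, home, shell]}

    - name: Remove regular accounts (UID >= 1000) that are not approved
      ansible.builtin.user:
        name: "{{ item.key }}"
        state: absent
        remove: true           # also deletes home directory and mail spool
      loop: "{{ getent_passwd | dict2items }}"
      loop_control:
        label: "{{ item.key }}"   # keep the log readable, one name per item
      when:
        - item.value[1] | int >= 1000   # index 1 of the getent entry is the UID
        - item.key not in myusers
```

Run it first with ansible-playbook --check to see which accounts would be deleted before any change is made.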