Shulou(Shulou.com)06/01 Report--

In centralized management, user management is important.

The following is my own summary of salt's user management documents.

Add a single user:

Generate password

Openssl passwd-1-salt 'linwangyi'

User.users file

[root@salt51 salt] # cat user/useradd.sls

Linwangyi:

User.present:

-fullname: linwangyi D

-shell:/bin/bash

-password:'$1$ linwangy$PMII.NL0igptfGBV0PtxI1'

-home:/home/linwangyi

-uid: 501

-gid: 501

-groups:

-linwangyi

-require:

-group:linwangyi

Group.present:

-gid: 501

Top.sls file:

[root@salt51salt] # cat top.sls

Base:

'*':

-soft_install.nginx

-soft_install.mysql

-soft_install.php

-soft_install.tomcat

-user.useradd

-user.users

-user.userpasswd

-user.userdel

-user.addsudo

-user.addgroup

-user.delgroup

Running result:

Because there are multiple .sls files, if you want to run one alone

Salt'* 'state.sls xxx

[root@salt51 salt] # salt '192.168.2.99' state.sls user.useradd

192.168.2.99:

-

ID: linwangyi

Function: group.present

Result: True

Comment: Added group linwangyi

Changes:

-

Omit

Uid:

five hundred and one

Workphone:

Summary

-

Succeeded: 2

Failed: 0

-

Total: 2

Other parameters:

Please refer to other official parameters: http://www.saltstack.cn/projects/cssug-kb/wiki/Managing_user_with_salt

User.present: make sure that the specified account name exists and specify its corresponding properties. These properties include the following:

Name: specify the name of the account to be managed.

Uid: specify uid. If not set, the next valid uid will be automatically assigned.

Gid: specifies the default group id (group id)

Gid_from_name: if set to _ True_, the default group id will be automatically set to the group id with the same name as this user

Groups: the list of groups assigned to this user (a list of groups). If the group does not exist on minion, this state will report an error. If the setting is empty, the groups to which this user belongs except the default group will be deleted

Optional_groups: a list of groups assigned to the user. If the group does not exist on minion, state ignores it.

Home: about the user's home directory (home directory).

Password: set the password after the user hash.

Enforce_password: when set to _ False_, if the set _ password_ is different from the user's original password, the original password will remain unchanged. If the _ password_ option is not set, it will be automatically ignored.

Shell: specifies the login shell of the user. The default is set to the system default shell.

Unique: UID is unique, default is True.

System: choose a random UID between _ FIRST_SYSTEM_UID_ and _ LAST_SYSTEM_UID_.

2. Add users in batches:

If you do not need to add users to the same group, you can delete the information about the group, and if you do not have the group, you can add the group first:

Users.sls file:

[root@salt51 salt] # cat user/users.sls

{% set users = ['jerry','tom','sunday']%}

{% for user in users%}

`user `:

User.present:

-shell: / bin/bash

-home: / home/ `user `

-password:'$1$ linwangy$PMII.NL0igptfGBV0PtxI1'

-gid: 501

-groups:

-linwangyi

-require:

-group: linwangyi

{% endfor%}

Running result:

[root@salt51 salt] # salt '192.168.2.99' state.sls user.users

192.168.2.99:

-

ID: jerry

Function: user.present

Result: True

Comment: New user jerry created

Changes:

-

Fullname:

Omit

Summary

-

Succeeded: 3

Failed: 0

-

Total: 3

3. Modify users in batches:

Generate password

[root@salt51 salt] # openssl passwd-1

Password:

Verifying-Password:

$1 $h7niwjpG$2nAnRib36QUr2wnfYXC4u0

Userpasswd.sls file:

[root@salt51 salt] # cat user/userpasswd.sls

{% set users = ['jerry','tom','sunday']%}

{% for user in users%}

`user `:

User.present:

-shell: / bin/bash

-password:'$1 $h7niwjpGraph 2nAnRib36QUr2wnfYXC4u0'

{% endfor%}

Running result:

[root@salt51 salt] # salt '192.168.2.99' state.sls user.userpasswd

192.168.2.99:

-

ID: jerry

Function: user.present

Result: True

Comment: Updated user jerry

Changes:

-

Passwd:

$1 $h7niwjpG$2nAnRib36QUr2wnfYXC4u0

-

Omit

-

Succeeded: 3

Failed: 0

-

Total: 3

(note: other user parameters can also be modified. )

4. Delete users in batch:

Userdel.sls file:

[root@salt51 salt] # cat user/userdel.sls

{% set users = ['jerry','tom','sunday']%}

{% for user in users%}

`user `:

User.present:

-purge: True # sets to clear the user's files (home directory)

-force: True # absent state will fail if the user is currently logged in. When the force option is set to True, the user will be deleted even if the user is currently logged in.

{% endfor%}

Running result:

View user login: (there is a user login that will be deleted)

[root@salt51 salt] # salt '192.168.2.99' status.w

192.168.2.99:

Omit

-

-idle:

18:57

-jcpu:

2:20

-login:

192.168.2.29

-pcpu:

0.03s

-tty:

Pts/0

-user:

Sunday

-what:

0.03s-bash

[root@salt51 salt] # salt '192.168.2.99' state.sls user.userdel

192.168.2.99:

-

Omit

-

ID: sunday

Function: user.absent

Result: True

Comment: Removed user sunday

Changes:

-

Sunday:

Removed

Summary

-

Succeeded: 3

Failed: 0

-

Total: 3

[root@salt51 salt] # salt '192.168.2.99' status.w

192.168.2.99:

-

-idle:

15:51

-jcpu:

1:13

-login:

-

-pcpu:

0.11s

-tty:

Tty1

-user:

Root

-what:

0.11s-bash

At the time of viewing, the Sunday user has exited, but the logged-in user is logged in the system and can also operate on the system.

5. Add sudo users:

Addsudo.sls file:

[root@salt51 salt] # cat user/addsudo.sls

/ etc/sudoers:

File.append:

-text:

-"OPER_SUPER ALL = KILL,SU,ROOT"

-"User_Alias OPER_SUPER=linwangyi"

-"Cmnd_Alias ROOT=/bin/su"

-"OPER_SUPER ALL = NOPASSWD:ROOT"

Running result:

[root@salt51 salt] # salt '192.168.2.99' state.sls user.addsudo

192.168.2.99:

-

ID: / etc/sudoers

Function: file.append

Result: True

Comment: Appended 4 lines

Changes:

-

Diff:

-

+

@ @-116pr 3 + 116pr 7 @ @

# # Read drop-in files from / etc/sudoers.d (the # here does not mean a comment)

# includedir / etc/sudoers.d

+ OPER_SUPER ALL = KILL,SU,ROOT

+ User_Alias OPER_SUPER=linwangyi

+ Cmnd_Alias ROOT=/bin/su

+ OPER_SUPER ALL = NOPASSWD:ROOT

Summary

-

Succeeded: 1

Failed: 0

-

Total: 1

6. Add user groups:

Addgroup.sls file:

[root@salt51 salt] # cat user/addgroup.sls

Devgroup:

Group.present:

-gid: 601

Yunwei:

Group.present:

-gid: 602

Running result:

[root@salt51 salt] # salt '192.168.2.99' state.sls user.addgroup

192.168.2.99:

-

ID: devgroup

Function: group.present

Omit

-

ID: yunwei

Function: group.present

Omit

Summary

-

Succeeded: 2

Failed: 0

-

Total: 2

[root@salt51 salt] # salt '192.168.2.99' cmd.run 'grep-E "(devgroup | yunwei)" / etc/group'

192.168.2.99:

Devgroup:x:601:

Yunwei:x:602:

7. Delete user groups:

Delgroup.sls file:

[root@salt51 salt] # cat user/delgroup.sls

{% set groups = ['devgroup','yunwei']%}

{% for group in groups%}

`group `:

Group.absent

{% endfor%}

Running result:

[root@salt51 salt] # salt '192.168.2.99' state.sls user.delgroup

192.168.2.99:

-

ID: devgroup

Function: group.absent

Result: True

Comment: Removed group devgroup

Changes:

-

Devgroup:

-

ID: yunwei

Function: group.absent

Result: True

Comment: Removed group yunwei

Changes:

-

Yunwei:

Summary

-

Succeeded: 2

Failed: 0

-

Total: 2

[root@salt51 salt] # salt '192.168.2.99' cmd.run 'grep-E "(devgroup | yunwei)" / etc/group'

192.168.2.99:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.