标签:user
user状态模块用于在sls文件中指定安装包的uid等属性
/usr/lib/python2.6/site-packages/salt/states/user.py
‘‘‘ Management of user accounts =========================== The user module is used to create and manage user settings, users can be set as either absent or present .. code-block:: yaml fred: user.present: - fullname: Fred Jones - shell: /bin/zsh - home: /home/fred - uid: 4000 - gid: 4000 - groups: - wheel - storage - games testuser: user.absent ‘‘‘
def present(name, uid=None, gid=None, gid_from_name=False, groups=None, optional_groups=None, remove_groups=True, home=None, createhome=True, password=None, enforce_password=True, empty_password=False, shell=None, unique=True, system=False, fullname=None, roomnumber=None, workphone=None, homephone=None, date=None, mindays=None, maxdays=None, inactdays=None, warndays=None, expire=None): ‘‘‘ Ensure that the named user is present with the specified properties name The name of the user to manage uid The user id to assign, if left empty then the next available user id will be assigned gid The default group id gid_from_name If True, the default group id will be set to the id of the group with the same name as the user. groups A list of groups to assign the user to, pass a list object. If a group specified here does not exist on the minion, the state will fail. If set to the empty list, the user will be removed from all groups except the default group. optional_groups A list of groups to assign the user to, pass a list object. If a group specified here does not exist on the minion, the state will silently ignore it. NOTE: If the same group is specified in both "groups" and "optional_groups", then it will be assumed to be required and not optional. remove_groups Remove groups that the user is a member of that weren‘t specified in the state, True by default home The location of the home directory to manage createhome If True, the home directory will be created if it doesn‘t exist. Please note that directories leading up to the home directory will NOT be created. password A password hash to set for the user. This field is only supported on Linux, FreeBSD, NetBSD, OpenBSD, and Solaris. .. versionchanged:: 0.16.0 BSD support added. enforce_password Set to False to keep the password from being changed if it has already been set and the password hash differs from what is specified in the "password" field. This option will be ignored if "password" is not specified. empty_password Set to True to enable no password-less login for user shell The login shell, defaults to the system default shell unique Require a unique UID, True by default system Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID. User comment field (GECOS) support (currently Linux, FreeBSD, and MacOS only): The below values should be specified as strings to avoid ambiguities when the values are loaded. (Especially the phone and room number fields which are likely to contain numeric data) fullname The user‘s full name roomnumber The user‘s room number (not supported in MacOS) workphone The user‘s work phone number (not supported in MacOS) homephone The user‘s home phone number (not supported in MacOS) .. versionchanged:: 2014.7.0 Shadow attribute support added. Shadow attributes support (currently Linux only): The below values should be specified as integers. date Date of last change of password, represented in days since epoch (January 1, 1970). mindays The minimum number of days between password changes. maxdays The maximum number of days between password changes. inactdays The number of days after a password expires before an account is locked. warndays Number of days prior to maxdays to warn users. expire Date that account expires, represented in days since epoch (January 1, 1970). ‘‘‘ fullname = str(fullname) if fullname is not None else fullname roomnumber = str(roomnumber) if roomnumber is not None else roomnumber workphone = str(workphone) if workphone is not None else workphone homephone = str(homephone) if homephone is not None else homephone ret = {‘name‘: name, ‘changes‘: {}, ‘result‘: True, ‘comment‘: ‘User {0} is present and up to date‘.format(name)} if groups: missing_groups = [x for x in groups if not __salt__[‘group.info‘](x)] if missing_groups: ret[‘comment‘] = ‘The following group(s) are not present: ‘ ‘{0}‘.format(‘,‘.join(missing_groups)) ret[‘result‘] = False return ret if optional_groups: present_optgroups = [x for x in optional_groups if __salt__[‘group.info‘](x)] for missing_optgroup in [x for x in optional_groups if x not in present_optgroups]: log.debug(‘Optional group "{0}" for user "{1}" is not ‘ ‘present‘.format(missing_optgroup, name)) else: present_optgroups = None # Log a warning for all groups specified in both "groups" and # "optional_groups" lists. if groups and optional_groups: for isected in set(groups).intersection(optional_groups): log.warning(‘Group "{0}" specified in both groups and ‘ ‘optional_groups for user {1}‘.format(isected, name)) if gid_from_name: gid = __salt__[‘file.group_to_gid‘](name) if empty_password: __salt__[‘shadow.del_password‘](name) changes = _changes(name, uid, gid, groups, present_optgroups, remove_groups, home, createhome, password, enforce_password, empty_password, shell, fullname, roomnumber, workphone, homephone, date, mindays, maxdays, inactdays, warndays, expire) if changes: if __opts__[‘test‘]: ret[‘result‘] = None ret[‘comment‘] = (‘The following user attributes are set to be ‘ ‘changed:\n‘) for key, val in changes.items(): ret[‘comment‘] += ‘{0}: {1}\n‘.format(key, val) return ret # The user is present if ‘shadow.info‘ in __salt__: lshad = __salt__[‘shadow.info‘](name) pre = __salt__[‘user.info‘](name) for key, val in changes.items(): if key == ‘passwd‘ and not empty_password: __salt__[‘shadow.set_password‘](name, password) continue if key == ‘date‘: __salt__[‘shadow.set_date‘](name, date) continue if key == ‘home‘ or key == ‘homeDoesNotExist‘: if createhome: __salt__[‘user.chhome‘](name, val, True) else: __salt__[‘user.chhome‘](name, val, False) continue if key == ‘mindays‘: __salt__[‘shadow.set_mindays‘](name, mindays) continue if key == ‘maxdays‘: __salt__[‘shadow.set_maxdays‘](name, maxdays) continue if key == ‘inactdays‘: __salt__[‘shadow.set_inactdays‘](name, inactdays) continue if key == ‘warndays‘: __salt__[‘shadow.set_warndays‘](name, warndays) continue if key == ‘expire‘: __salt__[‘shadow.set_expire‘](name, expire) continue if key == ‘groups‘: __salt__[‘user.ch{0}‘.format(key)]( name, val, not remove_groups ) else: __salt__[‘user.ch{0}‘.format(key)](name, val) post = __salt__[‘user.info‘](name) spost = {} if ‘shadow.info‘ in __salt__: if lshad[‘passwd‘] != password: spost = __salt__[‘shadow.info‘](name) # See if anything changed for key in post: if post[key] != pre[key]: ret[‘changes‘][key] = post[key] if ‘shadow.info‘ in __salt__: for key in spost: if lshad[key] != spost[key]: ret[‘changes‘][key] = spost[key] if ret[‘changes‘]: ret[‘comment‘] = ‘Updated user {0}‘.format(name) changes = _changes(name, uid, gid, groups, present_optgroups, remove_groups, home, createhome, password, enforce_password, empty_password, shell, fullname, roomnumber, workphone, homephone, date, mindays, maxdays, inactdays, warndays, expire) if changes: ret[‘comment‘] = ‘These values could not be changed: {0}‘.format( changes ) ret[‘result‘] = False return ret if changes is False: # The user is not present, make it! if __opts__[‘test‘]: ret[‘result‘] = None ret[‘comment‘] = ‘User {0} set to be added‘.format(name) return ret if groups and present_optgroups: groups.extend(present_optgroups) elif present_optgroups: groups = present_optgroups[:] if __salt__[‘user.add‘](name, uid=uid, gid=gid, groups=groups, home=home, shell=shell, unique=unique, system=system, fullname=fullname, roomnumber=roomnumber, workphone=workphone, homephone=homephone, createhome=createhome): ret[‘comment‘] = ‘New user {0} created‘.format(name) ret[‘changes‘] = __salt__[‘user.info‘](name) if ‘shadow.info‘ in __salt__ and not salt.utils.is_windows(): if password and not empty_password: __salt__[‘shadow.set_password‘](name, password) spost = __salt__[‘shadow.info‘](name) if spost[‘passwd‘] != password: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ password to‘ ‘ {1}‘.format(name, password) ret[‘result‘] = False ret[‘changes‘][‘password‘] = password if date: __salt__[‘shadow.set_date‘](name, date) spost = __salt__[‘shadow.info‘](name) if spost[‘lstchg‘] != date: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ last change date to‘ ‘ {1}‘.format(name, date) ret[‘result‘] = False ret[‘changes‘][‘date‘] = date if mindays: __salt__[‘shadow.set_mindays‘](name, mindays) spost = __salt__[‘shadow.info‘](name) if spost[‘min‘] != mindays: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ minimum days to‘ ‘ {1}‘.format(name, mindays) ret[‘result‘] = False ret[‘changes‘][‘mindays‘] = mindays if maxdays: __salt__[‘shadow.set_maxdays‘](name, mindays) spost = __salt__[‘shadow.info‘](name) if spost[‘max‘] != maxdays: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ maximum days to‘ ‘ {1}‘.format(name, maxdays) ret[‘result‘] = False ret[‘changes‘][‘maxdays‘] = maxdays if inactdays: __salt__[‘shadow.set_inactdays‘](name, inactdays) spost = __salt__[‘shadow.info‘](name) if spost[‘inact‘] != inactdays: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ inactive days to‘ ‘ {1}‘.format(name, inactdays) ret[‘result‘] = False ret[‘changes‘][‘inactdays‘] = inactdays if warndays: __salt__[‘shadow.set_warndays‘](name, warndays) spost = __salt__[‘shadow.info‘](name) if spost[‘warn‘] != warndays: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ warn days to‘ ‘ {1}‘.format(name, mindays) ret[‘result‘] = False ret[‘changes‘][‘warndays‘] = warndays if expire: __salt__[‘shadow.set_expire‘](name, expire) spost = __salt__[‘shadow.info‘](name) if spost[‘expire‘] != expire: ret[‘comment‘] = ‘User {0} created but failed to set‘ ‘ expire days to‘ ‘ {1}‘.format(name, expire) ret[‘result‘] = False ret[‘changes‘][‘expire‘] = expire else: ret[‘comment‘] = ‘Failed to create new user {0}‘.format(name) ret[‘result‘] = False return ret
本文出自 “Linux SA John” 博客,请务必保留此出处http://john88wang.blog.51cto.com/2165294/1651263
标签:user
原文地址:http://john88wang.blog.51cto.com/2165294/1651263