Ask Your Question
0

Lock user if they exist, but don't create them

asked 2018-04-05 20:51:49 -0600

adam.gardner gravatar image

Is there any way, in a Puppet manifest, to specify that a user should be locked if they exist, but if they don't exist, leave them absent rather than creating and then locking them?

user { 'foo':
  ensure => absent,
}

will delete the specified user account, whereas I just want to lock it.

user { 'foo':
  locked => true,
}

will lock the account as desired, but on systems where the account doesn't already exist, it'll create it in order to lock it, which isn't what I want at all.

Ideally I'd like to do this without exec, but I don't see that there's really any alternative without patching the the the provider code for user.

edit retag flag offensive close merge delete

Comments

As far as I know, this is not possible. Puppet can't manage something without it existing, and puppet doesn't make decisions. So if you say you want it locked then it will make it to lock it. Because it assumes you wouldn't try to manage something unless you wanted it to exist.

ffalor gravatar imageffalor ( 2018-04-10 08:17:57 -0600 )edit
2

You can make a custom fact to see if this account exists, and if it does set the fact to true. Then do an if on the fact. If true then lock. Else do nothing. I would just do an exec. "Lock this account" Unless "Account doesn't exist"

ffalor gravatar imageffalor ( 2018-04-10 08:18:35 -0600 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2018-05-01 07:05:05 -0600

As ffalor already pointed out, you can't do without utilizing facts.

Anyway, I can't find locked on the user resource documentation page. You presumably meant to set password => '!' (but as shadow(5) points it out, this isn't necessarily effectively “locking out” someone).

Or shell => '/usr/sbin/nologin' and/or expiry => '1970-01-01'.

Maybe on your site there is some implicit relationship determining the existence of User[foo]?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2018-04-05 20:51:49 -0600

Seen: 185 times

Last updated: May 01