salt.states.user

Management of user accounts

The user module is used to create and manage user settings, users can be set as either absent or present

fred:
  user.present:
    - fullname: Fred Jones
    - shell: /bin/zsh
    - home: /home/fred
    - uid: 4000
    - gid: 4000
    - groups:
      - wheel
      - storage
      - games

testuser:
  user.absent
salt.states.user.absent(name, purge=False, force=False)

Ensure that the named user is absent

name
The name of the user to remove
purge
Set purge to True to delete all of the user's files as well as the user, Default is False.
force
If the user is logged in, the absent state will fail. Set the force option to True to remove the user even if they are logged in. Not supported in FreeBSD and Solaris, Default is False.
salt.states.user.present(name, uid=None, gid=None, gid_from_name=False, groups=None, optional_groups=None, remove_groups=True, home=None, createhome=True, password=None, enforce_password=True, empty_password=False, shell=None, unique=True, system=False, fullname=None, roomnumber=None, workphone=None, homephone=None, loginclass=None, date=None, mindays=None, maxdays=None, inactdays=None, warndays=None, expire=None)

Ensure that the named user is present with the specified properties

name
The name of the user to manage
uid
The user id to assign, if left empty then the next available user id will be assigned
gid
The default group id. Also accepts group name.
gid_from_name
If True, the default group id will be set to the id of the group with the same name as the user, Default is False.
groups
A list of groups to assign the user to, pass a list object. If a group specified here does not exist on the minion, the state will fail. If set to the empty list, the user will be removed from all groups except the default group.
optional_groups
A list of groups to assign the user to, pass a list object. If a group specified here does not exist on the minion, the state will silently ignore it.

NOTE: If the same group is specified in both "groups" and "optional_groups", then it will be assumed to be required and not optional.

remove_groups
Remove groups that the user is a member of that weren't specified in the state, Default is True.
home
The custom login directory of user. Uses default value of underlying system if not set. Notice that this directory does not have to exists. This also the location of the home directory to create if createhome is set to True.
createhome
If False, the home directory will not be created if it doesn't exist. Please note that directories leading up to the home directory will NOT be created, Default is True.
password
A password hash to set for the user. This field is only supported on Linux, FreeBSD, NetBSD, OpenBSD, and Solaris.

Changed in version 0.16.0: BSD support added.

enforce_password
Set to False to keep the password from being changed if it has already been set and the password hash differs from what is specified in the "password" field. This option will be ignored if "password" is not specified, Default is True.
empty_password
Set to True to enable password-less login for user, Default is False.
shell
The login shell, defaults to the system default shell
unique
Require a unique UID, Default is True.
system
Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID, Default is False.
loginclass
The login class, defaults to empty (BSD only)

User comment field (GECOS) support (currently Linux, BSD, and MacOS only):

The below values should be specified as strings to avoid ambiguities when the values are loaded. (Especially the phone and room number fields which are likely to contain numeric data)

fullname
The user's full name
roomnumber
The user's room number (not supported in MacOS)
workphone
The user's work phone number (not supported in MacOS)
homephone
The user's home phone number (not supported in MacOS)

Changed in version 2014.7.0: Shadow attribute support added.

Shadow attributes support (currently Linux only):

The below values should be specified as integers.

date
Date of last change of password, represented in days since epoch (January 1, 1970).
mindays
The minimum number of days between password changes.
maxdays
The maximum number of days between password changes.
inactdays
The number of days after a password expires before an account is locked.
warndays
Number of days prior to maxdays to warn users.
expire
Date that account expires, represented in days since epoch (January 1, 1970).