evolinux-users: improve uid/login checks

Jérémy Lecour 2020-12-17 15:25:48 +01:00 committed by Jérémy Lecour
parent 0b528f15da
commit 81fbd98a5f
2 changed files with 34 additions and 11 deletions


@ -30,6 +30,7 @@ The **patch** part changes incrementally at each release.
* apt: disable APT Periodic * apt: disable APT Periodic
* evoacme: upstream release 20.12 * evoacme: upstream release 20.12
* evocheck: upstream release 20.12 * evocheck: upstream release 20.12
* evolinux-users: improve uid/login checks
* tomcat-instance: fail if uid already exists * tomcat-instance: fail if uid already exists
### Fixed ### Fixed


@ -2,20 +2,41 @@
# Unix account # Unix account
- fail:
msg: "You must provide a value for the 'user.name ' variable."
when: user.name is not defined or user.name == ''
- fail:
msg: "You must provide a value for the 'user.uid ' variable."
when: user.uid is not defined or user.uid == ''
- name: "Test if '{{ user.name }}' exists" - name: "Test if '{{ user.name }}' exists"
command: 'getent passwd {{ user.name }}' command: 'id -u "{{ user.name }}"'
register: loginisbusy register: get_id_from_login
failed_when: False failed_when: False
changed_when: False changed_when: False
check_mode: no check_mode: no
- name: "Test if uid exists for '{{ user.name }}'" - name: "Test if uid '{{ user.uid }}' exists"
command: 'getent passwd {{ user.uid }}' command: 'id -un -- "{{ user.uid }}"'
register: uidisbusy register: get_login_from_id
failed_when: False failed_when: False
changed_when: False changed_when: False
check_mode: no check_mode: no
# Error if
# the uid already exists
# and the user associated with this uid is not the desired user
- name: "Fail if uid already exists for another user"
fail:
msg: "Uid '{{ user.uid }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ user.name }}'"
when:
- get_login_from_id.rc == 0
- get_login_from_id.stdout != user.name
# Create/Update the user account with defined uid if
# the user doesn't already exist and the uid isn't already used
# or the user exists with the defined uid
- name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')" - name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')"
user: user:
state: present state: present
@ -24,11 +45,13 @@
comment: '{{ user.fullname }}' comment: '{{ user.fullname }}'
shell: /bin/bash shell: /bin/bash
password: '{{ user.password_hash }}' password: '{{ user.password_hash }}'
update_password: on_create update_password: "on_create"
when: when:
- loginisbusy.rc != 0 - (get_id_from_login.rc != 0 and get_login_from_id.rc != 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout == user.name)
- uidisbusy.rc != 0
# Create/Update the user account without defined uid if
# the user doesn't already exist but the defined uid is already used
# or another user already exists with a the same uid
- name: "Unix account for '{{ user.name }}' is present (with random uid)" - name: "Unix account for '{{ user.name }}' is present (with random uid)"
user: user:
state: present state: present
@ -36,10 +59,9 @@
comment: '{{ user.fullname }}' comment: '{{ user.fullname }}'
shell: /bin/bash shell: /bin/bash
password: '{{ user.password_hash }}' password: '{{ user.password_hash }}'
update_password: on_create update_password: "on_create"
when: when:
- loginisbusy.rc != 0 - (get_id_from_login.rc != 0 and get_login_from_id.rc == 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout != user.name)
- uidisbusy.rc == 0
- name: Is /etc/aliases present? - name: Is /etc/aliases present?
stat: stat:
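Review bot: The new login probe `id -u "{{ user.name }}"` lacks the `--` option terminator that the uid probe `id -un -- "{{ user.uid }}"` has, so a `user.name` value beginning with `-` is parsed by `id` as an option instead of a login; `command: 'id -u -- "{{ user.name }}"'` would make the two probes consistent. Both probes also depend on double quotes inside a string that the command module splits itself, so a value containing a double quote changes the argument list; passing the arguments through the module's `argv` list avoids the splitting. Separately, the added "Fail if uid already exists for another user" task appears to make the first half of the random-uid condition, `get_id_from_login.rc != 0 and get_login_from_id.rc == 0`, unreachable, because a uid held by a different login now fails before that task runs. The comment above the random-uid task still describes that case and could be reduced to `# the user already exists with a different uid`.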