salt-minion-1:
----------
group:
Management of user groups
=========================
The group module is used to create and manage unix group settings, groups
can be either present or absent:
cheese:
group.present:
- gid: 7648
- system: True
- addusers:
- user1
- users2
- delusers:
- foo
cheese:
group.present:
- gid: 7648
- system: True
- members:
- foo
- bar
- user1
- user2
group.absent:
Ensure that the named group is absent
name
The name of the group to remove
group.present:
Ensure that a group is present
name
The name of the group to manage
gid
The group id to assign to the named group; if left empty, then the next
available group id will be assigned
system
Whether or not the named group is a system group. This is essentially
the '-r' option of 'groupadd'.
addusers
List of additional users to be added as a group members.
delusers
Ensure these user are removed from the group membership.
members
Replace existing group members with a list of new members.
Note: Options 'members' and 'addusers/delusers' are mutually exclusive and
can not be used together.
salt-minion-1:
----------
user:
Management of user accounts
===========================
The user module is used to create and manage user settings, users can be set
as either absent or present
fred:
user.present:
- fullname: Fred Jones
- shell: /bin/zsh
- home: /home/fred
- uid: 4000
- gid: 4000
- groups:
- wheel
- storage
- games
testuser:
user.absent
user.absent:
Ensure that the named user is absent
name
The name of the user to remove
purge
Set purge to True to delete all of the user's files as well as the user,
Default is ``False``.
force
If the user is logged in, the absent state will fail. Set the force
option to True to remove the user even if they are logged in. Not
supported in FreeBSD and Solaris, Default is ``False``.
user.present:
Ensure that the named user is present with the specified properties
name
The name of the user to manage
uid
The user id to assign, if left empty then the next available user id
will be assigned
gid
The default group id. Also accepts group name.
gid_from_name
If True, the default group id will be set to the id of the group with
the same name as the user, Default is ``False``.
groups
A list of groups to assign the user to, pass a list object. If a group
specified here does not exist on the minion, the state will fail.
If set to the empty list, the user will be removed from all groups
except the default group.
optional_groups
A list of groups to assign the user to, pass a list object. If a group
specified here does not exist on the minion, the state will silently
ignore it.
NOTE: If the same group is specified in both "groups" and
"optional_groups", then it will be assumed to be required and not optional.
remove_groups
Remove groups that the user is a member of that weren't specified in
the state, Default is ``True``.
home
The custom login directory of user. Uses default value of underlying
system if not set. Notice that this directory does not have to exists.
This also the location of the home directory to create if createhome is
set to True.
createhome
If False, the home directory will not be created if it doesn't exist.
Please note that directories leading up to the home directory
will NOT be created, Default is ``True``.
password
A password hash to set for the user. This field is only supported on
Linux, FreeBSD, NetBSD, OpenBSD, and Solaris. If the ``empty_password``
argument is set to ``True`` then ``password`` is ignored.
For Windows this is the plain text password.
Changed in version 0.16.0
BSD support added.
enforce_password
Set to False to keep the password from being changed if it has already
been set and the password hash differs from what is specified in the
"password" field. This option will be ignored if "password" is not
specified, Default is ``True``.
empty_password
Set to True to enable password-less login for user, Default is ``False``.
shell
The login shell, defaults to the system default shell
unique
Require a unique UID, Default is ``True``.
system
Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID, Default is
``False``.
loginclass
The login class, defaults to empty
(BSD only)
User comment field (GECOS) support (currently Linux, BSD, and MacOS
only):
The below values should be specified as strings to avoid ambiguities when
the values are loaded. (Especially the phone and room number fields which
are likely to contain numeric data)
fullname
The user's full name
roomnumber
The user's room number (not supported in MacOS)
workphone
The user's work phone number (not supported in MacOS)
homephone
The user's home phone number (not supported in MacOS)
Changed in version 2014.7.0
Shadow attribute support added.
Shadow attributes support (currently Linux only):
The below values should be specified as integers.
date
Date of last change of password, represented in days since epoch
(January 1, 1970).
mindays
The minimum number of days between password changes.
maxdays
The maximum number of days between password changes.
inactdays
The number of days after a password expires before an account is
locked.
warndays
Number of days prior to maxdays to warn users.
expire
Date that account expires, represented in days since epoch (January 1,
1970).
The below parameters apply to windows only:
win_homedrive (Windows Only)
The drive letter to use for the home directory. If not specified the
home directory will be a unc path. Otherwise the home directory will be
mapped to the specified drive. Must be a letter followed by a colon.
Because of the colon, the value must be surrounded by single quotes. ie:
- win_homedrive: 'U:
Changed in version 2015.5.7
Backported from 2015.8.0
win_profile (Windows Only)
The custom profile directory of the user. Uses default value of
underlying system if not set.
Changed in version 2015.5.7
Backported from 2015.8.0
win_logonscript (Windows Only)
The full path to the logon script to run when the user logs in.
Changed in version 2015.5.7
Backported from 2015.8.0
win_description (Windows Only)
A brief description of the purpose of the users account.
Changed in version 2015.5.7
Backported from 2015.8.0
