user状态模块用于在sls文件中指定安装包的uid等属性
/usr/lib/python2.6/site-packages/salt/states/user.py
''' Management of user accounts =========================== The user module is used to create and manage user settings, users can be set as either absent or present .. code-block:: yaml fred: user.present: - fullname: Fred Jones - shell: /bin/zsh - home: /home/fred - uid: 4000 - gid: 4000 - groups: - wheel - storage - games testuser: user.absent '''
def present(name,
uid=None,
gid=None,
gid_from_name=False,
groups=None,
optional_groups=None,
remove_groups=True,
home=None,
createhome=True,
password=None,
enforce_password=True,
empty_password=False,
shell=None,
unique=True,
system=False,
fullname=None,
roomnumber=None,
workphone=None,
homephone=None,
date=None,
mindays=None,
maxdays=None,
inactdays=None,
warndays=None,
expire=None):
'''
Ensure that the named user is present with the specified properties
name
The name of the user to manage
uid
The user id to assign, if left empty then the next available user id
will be assigned
gid
The default group id
gid_from_name
If True, the default group id will be set to the id of the group with
the same name as the user.
groups
A list of groups to assign the user to, pass a list object. If a group
specified here does not exist on the minion, the state will fail.
If set to the empty list, the user will be removed from all groups
except the default group.
optional_groups
A list of groups to assign the user to, pass a list object. If a group
specified here does not exist on the minion, the state will silently
ignore it.
NOTE: If the same group is specified in both "groups" and
"optional_groups", then it will be assumed to be required and not optional.
remove_groups
Remove groups that the user is a member of that weren't specified in
the state, True by default
home
The location of the home directory to manage
createhome
If True, the home directory will be created if it doesn't exist.
Please note that directories leading up to the home directory
will NOT be created.
password
A password hash to set for the user. This field is only supported on
Linux, FreeBSD, NetBSD, OpenBSD, and Solaris.
.. versionchanged:: 0.16.0
BSD support added.
enforce_password
Set to False to keep the password from being changed if it has already
been set and the password hash differs from what is specified in the
"password" field. This option will be ignored if "password" is not
specified.
empty_password
Set to True to enable no password-less login for user
shell
The login shell, defaults to the system default shell
unique
Require a unique UID, True by default
system
Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID.
User comment field (GECOS) support (currently Linux, FreeBSD, and MacOS
only):
The below values should be specified as strings to avoid ambiguities when
the values are loaded. (Especially the phone and room number fields which
are likely to contain numeric data)
fullname
The user's full name
roomnumber
The user's room number (not supported in MacOS)
workphone
The user's work phone number (not supported in MacOS)
homephone
The user's home phone number (not supported in MacOS)
.. versionchanged:: 2014.7.0
Shadow attribute support added.
Shadow attributes support (currently Linux only):
The below values should be specified as integers.
date
Date of last change of password, represented in days since epoch
(January 1, 1970).
mindays
The minimum number of days between password changes.
maxdays
The maximum number of days between password changes.
inactdays
The number of days after a password expires before an account is
locked.
warndays
Number of days prior to maxdays to warn users.
expire
Date that account expires, represented in days since epoch (January 1,
1970).
'''
fullname = str(fullname) if fullname is not None else fullname
roomnumber = str(roomnumber) if roomnumber is not None else roomnumber
workphone = str(workphone) if workphone is not None else workphone
homephone = str(homephone) if homephone is not None else homephone
ret = {'name': name,
'changes': {},
'result': True,
'comment': 'User {0} is present and up to date'.format(name)}
if groups:
missing_groups = [x for x in groups if not __salt__['group.info'](x)]
if missing_groups:
ret['comment'] = 'The following group(s) are not present: ' \
'{0}'.format(','.join(missing_groups))
ret['result'] = False
return ret
if optional_groups:
present_optgroups = [x for x in optional_groups
if __salt__['group.info'](x)]
for missing_optgroup in [x for x in optional_groups
if x not in present_optgroups]:
log.debug('Optional group "{0}" for user "{1}" is not '
'present'.format(missing_optgroup, name))
else:
present_optgroups = None
# Log a warning for all groups specified in both "groups" and
# "optional_groups" lists.
if groups and optional_groups:
for isected in set(groups).intersection(optional_groups):
log.warning('Group "{0}" specified in both groups and '
'optional_groups for user {1}'.format(isected, name))
if gid_from_name:
gid = __salt__['file.group_to_gid'](name)
if empty_password:
__salt__['shadow.del_password'](name)
changes = _changes(name,
uid,
gid,
groups,
present_optgroups,
remove_groups,
home,
createhome,
password,
enforce_password,
empty_password,
shell,
fullname,
roomnumber,
workphone,
homephone,
date,
mindays,
maxdays,
inactdays,
warndays,
expire)
if changes:
if __opts__['test']:
ret['result'] = None
ret['comment'] = ('The following user attributes are set to be '
'changed:\n')
for key, val in changes.items():
ret['comment'] += '{0}: {1}\n'.format(key, val)
return ret
# The user is present
if 'shadow.info' in __salt__:
lshad = __salt__['shadow.info'](name)
pre = __salt__['user.info'](name)
for key, val in changes.items():
if key == 'passwd' and not empty_password:
__salt__['shadow.set_password'](name, password)
continue
if key == 'date':
__salt__['shadow.set_date'](name, date)
continue
if key == 'home' or key == 'homeDoesNotExist':
if createhome:
__salt__['user.chhome'](name, val, True)
else:
__salt__['user.chhome'](name, val, False)
continue
if key == 'mindays':
__salt__['shadow.set_mindays'](name, mindays)
continue
if key == 'maxdays':
__salt__['shadow.set_maxdays'](name, maxdays)
continue
if key == 'inactdays':
__salt__['shadow.set_inactdays'](name, inactdays)
continue
if key == 'warndays':
__salt__['shadow.set_warndays'](name, warndays)
continue
if key == 'expire':
__salt__['shadow.set_expire'](name, expire)
continue
if key == 'groups':
__salt__['user.ch{0}'.format(key)](
name, val, not remove_groups
)
else:
__salt__['user.ch{0}'.format(key)](name, val)
post = __salt__['user.info'](name)
spost = {}
if 'shadow.info' in __salt__:
if lshad['passwd'] != password:
spost = __salt__['shadow.info'](name)
# See if anything changed
for key in post:
if post[key] != pre[key]:
ret['changes'][key] = post[key]
if 'shadow.info' in __salt__:
for key in spost:
if lshad[key] != spost[key]:
ret['changes'][key] = spost[key]
if ret['changes']:
ret['comment'] = 'Updated user {0}'.format(name)
changes = _changes(name,
uid,
gid,
groups,
present_optgroups,
remove_groups,
home,
createhome,
password,
enforce_password,
empty_password,
shell,
fullname,
roomnumber,
workphone,
homephone,
date,
mindays,
maxdays,
inactdays,
warndays,
expire)
if changes:
ret['comment'] = 'These values could not be changed: {0}'.format(
changes
)
ret['result'] = False
return ret
if changes is False:
# The user is not present, make it!
if __opts__['test']:
ret['result'] = None
ret['comment'] = 'User {0} set to be added'.format(name)
return ret
if groups and present_optgroups:
groups.extend(present_optgroups)
elif present_optgroups:
groups = present_optgroups[:]
if __salt__['user.add'](name,
uid=uid,
gid=gid,
groups=groups,
home=home,
shell=shell,
unique=unique,
system=system,
fullname=fullname,
roomnumber=roomnumber,
workphone=workphone,
homephone=homephone,
createhome=createhome):
ret['comment'] = 'New user {0} created'.format(name)
ret['changes'] = __salt__['user.info'](name)
if 'shadow.info' in __salt__ and not salt.utils.is_windows():
if password and not empty_password:
__salt__['shadow.set_password'](name, password)
spost = __salt__['shadow.info'](name)
if spost['passwd'] != password:
ret['comment'] = 'User {0} created but failed to set' \
' password to' \
' {1}'.format(name, password)
ret['result'] = False
ret['changes']['password'] = password
if date:
__salt__['shadow.set_date'](name, date)
spost = __salt__['shadow.info'](name)
if spost['lstchg'] != date:
ret['comment'] = 'User {0} created but failed to set' \
' last change date to' \
' {1}'.format(name, date)
ret['result'] = False
ret['changes']['date'] = date
if mindays:
__salt__['shadow.set_mindays'](name, mindays)
spost = __salt__['shadow.info'](name)
if spost['min'] != mindays:
ret['comment'] = 'User {0} created but failed to set' \
' minimum days to' \
' {1}'.format(name, mindays)
ret['result'] = False
ret['changes']['mindays'] = mindays
if maxdays:
__salt__['shadow.set_maxdays'](name, mindays)
spost = __salt__['shadow.info'](name)
if spost['max'] != maxdays:
ret['comment'] = 'User {0} created but failed to set' \
' maximum days to' \
' {1}'.format(name, maxdays)
ret['result'] = False
ret['changes']['maxdays'] = maxdays
if inactdays:
__salt__['shadow.set_inactdays'](name, inactdays)
spost = __salt__['shadow.info'](name)
if spost['inact'] != inactdays:
ret['comment'] = 'User {0} created but failed to set' \
' inactive days to' \
' {1}'.format(name, inactdays)
ret['result'] = False
ret['changes']['inactdays'] = inactdays
if warndays:
__salt__['shadow.set_warndays'](name, warndays)
spost = __salt__['shadow.info'](name)
if spost['warn'] != warndays:
ret['comment'] = 'User {0} created but failed to set' \
' warn days to' \
' {1}'.format(name, mindays)
ret['result'] = False
ret['changes']['warndays'] = warndays
if expire:
__salt__['shadow.set_expire'](name, expire)
spost = __salt__['shadow.info'](name)
if spost['expire'] != expire:
ret['comment'] = 'User {0} created but failed to set' \
' expire days to' \
' {1}'.format(name, expire)
ret['result'] = False
ret['changes']['expire'] = expire
else:
ret['comment'] = 'Failed to create new user {0}'.format(name)
ret['result'] = False
return ret
