Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


ugid-management (6) Versions 1.3.0

Library cookbook to manage user and group ids

cookbook 'ugid-management', '= 1.3.0'
cookbook 'ugid-management', '= 1.3.0', :supermarket
knife cookbook site install ugid-management
knife cookbook site download ugid-management
Quality 43%

UGId Management


Library cookbook to manage user and group ids. More specifically, it can apply and check that all listed uids and gids are synchronized between servers.

Moreover, it is also a wrapper around users cookbook to create users and groups with specified uids/gids.


Cookbooks and gems

Declared in metadata.rb and in Gemfile.


  • RHEL Family 7, tested on Centos

Note: it should work on any Linux system but it is only tested on Centos 7.


Quick Start

Basically, this cookbook need two data bags:

  1. one for specifying uids and gids (grouped under the name ugid) named ugids
  2. one to override user creation in packages named packages

You can find example of theses data bags in test/data_bags/ugids directory.


So in ugids, you can find the list of forced ugids. It has a simple format:

  "id": "ugids",
  "ugids": {
    "a_given_username": "its_uid:its_gid",
    "examble": "123:234",
    "an_integer_is_also_accepted_for_specifying_both": 234,
    "if_you_only_want_a_gid": ":234"

Each time a Chef resource user or group is used, it got extended with these uids and gids. If no ugid are defined, an exception is thrown, failing the Chef run.


The role of packages is to override the user creations performed in distribution packages (like deb/rpm). Its format is:

  "id": "packages",
  "packages": {
    "package_name": {
      "username": "username",
      "user_opts": {
        "extra_key": "extra_value"
      "group_opts": {
        "extra_key": "extra_value"
    "example": {
      "username": "username_to_create",
      "user_opts": {
        "home": "/var/lib/specific_home",
        "shell": "/sbin/typically-nologin"
      "group_opts": {
        "append": true

Warning: if a package does not have an user defined in this package, it is untouched by Chef. This could lead to uncontrolled users. That is why you can activate the verification (active in default recipe).


check recipe uses ugids data bag to verify if each user/group with a uid/gid greater than 200 (non system-reserved) has the correct uid/gid.

By default, all users/groups must have an ugid defined but it is possible to deactivate this behavior with node[cookbook_name]['enforce'] attribute. It is also possible to defined a whitelist (like for systemd users) with node[cookbook_name]['whitelist'] (applicable for both users and groups).


This cookbook can also configure /etc/login.defs with values defined from attributes.

Users creation

Recipe create is a wrapper around users cookbook. To use it, create a data bag users containing your users, as specified by the users cookbook. Then declare the groups you want to install in node['ugid-management']['users_manage'] attribute, as an array. Of course, ugids data bag should also include the correct information.


This cookbook is fully tested through the installation of a working node in docker.

For more information, see .kitchen.yml and test directory.


Configuration is done by overriding default attributes. All configuration keys have a default defined in attributes/default.rb. Please read it to have a comprehensive view of what and how you can configure this cookbook behavior.



Include logindefs, create, manage_before, manage_after and check (only if check is activated) in this order.


Use users cookbook (as dependency) to create groups and their associated users. User creation is controled by users_manage attribute which lists all groups that will be installed. Users should be listed in users data bag. See users cookbook for more information.


Manage /etc/login.defs with values defined in attributes.

manage_before and manage_after

Manage users (extending user/group resources with defined ugids) and packages (creating package user/group before the package to control their attributes).

The difference between manage_before and manage_after is that manage_before manages all resources which are executed before in the Chef run while manage_after managers the resources after. Combining them, like in default recipe, allows you to manage all resources independently of their positions in the run list.


Check if all users and groups are correctly defined on the system. Raise an exception and fail the Chef run if it is not the case.





Define all methods needed for user management.


Available in


Please read carefully before making a merge request.

License and Author

Copyright (c) 2016 Sam4Mobile, 2017

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

users >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.




  • fix: do not expect a gid on a whitelisted group aka you can modify a system(d) group without having to define its gid
  • fix: use true attribute instead of resource name aka you can define a true name like "create foo" for your resources
  • fix: replace ruby_block by a not-updated resource aka only one resource is always updated: log(check)


  • use .gitlab-ci.yml template [20170529]



  • Handover maintainance to
  • Set minimum chef_version to 12.14


  • Use latest template for .gitlab-ci.yml [20170405]k
  • Update dependencies in tests (cookbook & images)


  • Fix misc rubocop offenses (%i and %w stuff)


  • Add create (users) recipe: use users cookbook to create groups and their associated users. Enable by default on sysadmin group.


  • Initial version, tested on Centos 7

Collaborator Number Metric

1.3.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

License Metric

1.3.0 passed this metric

Publish Metric

1.3.0 passed this metric

Supported Platforms Metric

1.3.0 passed this metric

Testing File Metric

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must include a tag that matches this cookbook version number