Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

ugid-management (5) Versions 1.3.0

Library cookbook to manage user and group ids

Berkshelf/Librarian
Policyfile
Knife
cookbook 'ugid-management', '= 1.3.0'
cookbook 'ugid-management', '= 1.3.0', :supermarket
knife cookbook site install ugid-management
knife cookbook site download ugid-management
README
Dependencies
Changelog
Quality

UGId Management

Description

Library cookbook to manage user and group ids. More specifically, it can apply and check that all listed uids and gids are synchronized between servers.

Moreover, it is also a wrapper around users cookbook to create users and groups with specified uids/gids.

Requirements

Cookbooks and gems

Declared in metadata.rb and in Gemfile.

Platforms

  • RHEL Family 7, tested on Centos

Note: it should work on any Linux system but it is only tested on Centos 7.

Usage

Quick Start

Basically, this cookbook need two data bags:

  1. one for specifying uids and gids (grouped under the name ugid) named ugids
  2. one to override user creation in packages named packages

You can find example of theses data bags in test/data_bags/ugids directory.

ugids

So in ugids, you can find the list of forced ugids. It has a simple format:

{
  "id": "ugids",
  "ugids": {
    "a_given_username": "its_uid:its_gid",
    "examble": "123:234",
    "an_integer_is_also_accepted_for_specifying_both": 234,
    "if_you_only_want_a_gid": ":234"
  }
}

Each time a Chef resource user or group is used, it got extended with these uids and gids. If no ugid are defined, an exception is thrown, failing the Chef run.

packages

The role of packages is to override the user creations performed in distribution packages (like deb/rpm). Its format is:

{
  "id": "packages",
  "packages": {
    "package_name": {
      "username": "username",
      "user_opts": {
        "extra_key": "extra_value"
      },
      "group_opts": {
        "extra_key": "extra_value"
      }
    },
    "example": {
      "username": "username_to_create",
      "user_opts": {
        "home": "/var/lib/specific_home",
        "shell": "/sbin/typically-nologin"
      },
      "group_opts": {
        "append": true
      }
    }
  }
}

Warning: if a package does not have an user defined in this package, it is untouched by Chef. This could lead to uncontrolled users. That is why you can activate the verification (active in default recipe).

Verification

check recipe uses ugids data bag to verify if each user/group with a uid/gid greater than 200 (non system-reserved) has the correct uid/gid.

By default, all users/groups must have an ugid defined but it is possible to deactivate this behavior with node[cookbook_name]['enforce'] attribute. It is also possible to defined a whitelist (like for systemd users) with node[cookbook_name]['whitelist'] (applicable for both users and groups).

logindefs

This cookbook can also configure /etc/login.defs with values defined from attributes.

Users creation

Recipe create is a wrapper around users cookbook. To use it, create a data bag users containing your users, as specified by the users cookbook. Then declare the groups you want to install in node['ugid-management']['users_manage'] attribute, as an array. Of course, ugids data bag should also include the correct information.

Test

This cookbook is fully tested through the installation of a working node in docker.

For more information, see .kitchen.yml and test directory.

Attributes

Configuration is done by overriding default attributes. All configuration keys have a default defined in attributes/default.rb. Please read it to have a comprehensive view of what and how you can configure this cookbook behavior.

Recipes

default

Include logindefs, create, manage_before, manage_after and check (only if check is activated) in this order.

create

Use users cookbook (as dependency) to create groups and their associated users. User creation is controled by users_manage attribute which lists all groups that will be installed. Users should be listed in users data bag. See users cookbook for more information.

logindefs

Manage /etc/login.defs with values defined in attributes.

manage_before and manage_after

Manage users (extending user/group resources with defined ugids) and packages (creating package user/group before the package to control their attributes).

The difference between manage_before and manage_after is that manage_before manages all resources which are executed before in the Chef run while manage_after managers the resources after. Combining them, like in default recipe, allows you to manage all resources independently of their positions in the run list.

check

Check if all users and groups are correctly defined on the system. Raise an exception and fail the Chef run if it is not the case.

Resources/Providers

None.

Libraries

default

Define all methods needed for user management.

Changelog

Available in CHANGELOG.md.

Contributing

Please read carefully CONTRIBUTING.md before making a merge request.

License and Author

Copyright (c) 2016 Sam4Mobile, 2017 Make.org

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

users >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Changelog

1.3.0

Main:

  • fix: do not expect a gid on a whitelisted group aka you can modify a system(d) group without having to define its gid
  • fix: use true attribute instead of resource name aka you can define a true name like "create foo" for your resources
  • fix: replace ruby_block by a not-updated resource aka only one resource is always updated: log(check)

Tests:

  • use .gitlab-ci.yml template [20170529]

1.2.0

Main:

  • Handover maintainance to Make.org
  • Set minimum chef_version to 12.14

Tests:

  • Use latest template for .gitlab-ci.yml [20170405]k
  • Update dependencies in tests (cookbook & images)

Misc:

  • Fix misc rubocop offenses (%i and %w stuff)

1.1.0

  • Add create (users) recipe: use users cookbook to create groups and their associated users. Enable by default on sysadmin group.

1.0.0

  • Initial version, tested on Centos 7

Collaborator Number Metric
            

1.3.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

License Metric
            

1.3.0 passed this metric

Publish Metric
            

1.3.0 passed this metric

Supported Platforms Metric
            

1.3.0 passed this metric

Testing File Metric
            

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number