Description
Describe the feature
Im looking at how best to manage our mac fleet and this cookbook provides some great resources to start with. I have some use cases I'm struggling the figure out.
- Downgrade an user account from admin to standard.
- Manage an admin account; rotate auth credentials.
Describe the reasoning behind the feature
I've noticed that if the user exists, then the user is skipped over. This works nicely for onboarding with minimal disruption, but not for managing user accounts.
The example here is that I may want to rotate the admin passwords regularly, without affecting the user's standard account.
Our initial accounts like all macs, are created as admin under the user's name. We would like to be able to downgrade that user to standard, when another admin account exists of course. This doesn't currently look possible from my testing.
I may well be missing something and there could be other ways to manage users in a more mac friendly way?
But basically I'd like to be able to converge to a known state with chef, based on what I've configured for a machine. In the two examples, this doesn't seem possible.
This may work better as two separate issues?
Thinking about how to manage password changes seems complicated and would require the admin to maintain the configuration powering said change.