Create distinct initial login group for each user account created #32

Closed
wants to merge 1 commit into
from

Projects

None yet

2 participants

@davidc-donorschoose

This change implements the adduser behavior when using the -U, --user-group flag:

  • If a user account is added, a group of the same name will be added.
  • The group gid will be taken from the data_bag item.

As your cookbook is implemented, a gid can only be used in a data_bag item if it already exists in /etc/group. I couldn't see how to create a group using your recipes (I may just be dumb, though).

With my change, your cookbook create a distinct initial login group for each user account that it creates. In fact, the gid must not exist if the uid does not exist -- this is bad for folks doing something like a wheel group for all sysadmin users. An attempt to reuse a gid or to not supply one leads to failure.

It would be wonderful if you could generalize this somehow. I realize that my change won't support every use case, so you may not want to use my change directly. In system builds such as ours, an application installation user account is always in a default group of the same name. E.g., apache:apache, tomcat:tomcat, postgres:postgres, etc.

Thanks for a very useful cookbook,
David Crane
davidc@donorschoose.org

@theckman
Collaborator
theckman commented Nov 5, 2016

@davidc-donorschoose I've just become a collaborator on this project. Sorry for the delay. I think that we now have this functionality in the user cookbook. I'm going to close this PR at this time. If you think some of these changes are still needed, please rebase and open a new PR.

@theckman theckman closed this Nov 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment