Closed mike-pt closed 9 years ago
You cannot append users to a group with `users_manage`. `users_manage` configures the group with exactly the users it finds in the data bag.
In your case there are no matching users, therefore the group is empty afterwards. Try to explicitly use the attributes `data_bag`, `search_group`, `group_name` and `group_id`.
Example:

```ruby
group "tech-admin" do
  gid 2600
end

users_manage "tech_users as tech-admin" do
  data_bag "tech_users"
  search_group "tech-admin"
  group_name "tech-admin"
  group_id 2600
  action [ :remove, :create ]
end
```

This configures the group tech-admin (`group_name`) to have all users from the data bag tech_users (`data_bag`) which have the group attribute tech-admin (`search_group`).
Do what the previous comment said, and if you need that group to have sudo access, use the sudo cookbook to add that group to `/etc/sudoers`. Don't try to manage the wheel group.
You are right, we also used the sudo cookbook to add this group to `/etc/sudoers`.
I see, however what I do want is to manage the wheel group. In Unix it's very common to create a sysadmin account and add it to the wheel group.
The wheel group has the access I need for sudo and other parts of the system.
But I see this is not the point of this cookbook. Do you guys know of any other that can manage existing users and groups, the same way we would do with "usermod" and "pw" etc.?
(Note this recipe is for a FreeBSD server, not Linux.) In the meantime I will try the example, but I would prefer a different approach...
Unfortunately, no I don't, if you want to use data bags. That is why we chose to use a separate group and add this group to `/etc/sudoers` with the sudo cookbook.
Pity... I guess I can also work around it with a custom recipe/cookbook, but many thanks for clarifying how this works, I totally got the wrong idea at first :)
Feel free to close the report
I don't think I can close the issue you opened…
Lol, I meant that to the owner(s) :)
But maybe this can also be considered as a "feature request", as in "ability to manage existing groups and append users to them"
:+1:
You should use the "user" and "group" resources built into chef for that.
thanks @jtimberman I was not aware of the group resource, just found it on the docs!
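@jtimberman sorry to repost here... I've used the group resource but still reusing the data bag:

```ruby
# Collect the ids of all data bag users whose "groups" include wheel.
users = []
search(:users, "groups:wheel").each do |u|
  users << u['id'] # append each id; plain assignment would keep only the last one
end

# Add those users to wheel without touching its existing members.
group "wheel" do
  action :modify
  members users
  append true
end
```
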
(surely can be better but for now works)
But now I would still like to add my ssh_key to the user... and from what I can tell this cookbook would be ideal for that... but the thing is I'm not sure what would be the best way... using wheel group will clean out all other users...
I tried to look into the user resource but couldn't find anything in the docs other than creating the user itself...
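
The two behaviours discussed in this thread (`users_manage` setting a group to exactly the data bag matches, versus the built-in `group` resource with `append true`) can be previewed before a run. The following is an added example, not part of any comment and not the cookbook's code: a plain-Ruby dry run that reports which members a privileged group would lose. The group file contents, the data bag items and the helper names (`parse_groups`, `wanted_members`, `plan`, `preview`) are constructed for illustration.

```ruby
require 'json'

# Constructed sample inputs (not taken from the thread's servers).
ETC_GROUP = <<~GROUP
  wheel:*:0:root,olduser
  www:*:80:
  tech-admin:*:2600:
GROUP

DATA_BAG = [
  '{ "id": "user1", "groups": ["www", "wheel"] }',
  '{ "id": "user2", "groups": ["www"] }'
].map { |item| JSON.parse(item) }

# Parse group(5) lines "name:passwd:gid:member,member" into name => members.
def parse_groups(text)
  lines = text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  lines.to_h do |line|
    name, _pw, _gid, members = line.split(':', 4)
    [name, members.to_s.split(',')]
  end
end

# Data bag ids whose "groups" array contains the group being searched for.
def wanted_members(items, group)
  items.select { |i| Array(i['groups']).include?(group) }.map { |i| i['id'] }
end

# append: false models "exactly the users found in the data bag";
# append: true models the group resource with `append true`.
def plan(current, wanted, append:)
  final = append ? (current | wanted) : wanted
  { final: final, added: final - current, dropped: current - final }
end

def preview(group, append:)
  current = parse_groups(ETC_GROUP).fetch(group, [])
  plan(current, wanted_members(DATA_BAG, group), append: append)
end

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |append|
    result = preview('wheel', append: append)
    warn "wheel would lose: #{result[:dropped].join(', ')}" if result[:dropped].any?
    puts "append=#{append}: #{result}"
  end
end
```

A non-empty `dropped` list for wheel is the signal to stop: it means the run would remove existing privileged members such as root.
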
I mean append to the group, I've tried to do this but it always ends up removing root from wheel (this is on FreeBSD btw)
I've created the data_bag:

```
cat data_bags/users/user1.json
{
  "id" : "user1",
  "comment" : "User Example",
  "home" : "/home/user1",
  "shell" : "/bin/csh",
  "groups" : [ "www", "wheel" ],
  "ssh_keys" : [ ..... ]
}
```

I put in "site-cookbooks/my_users/recipes/default.rb" EX:
The result is that wheel is left with no users at all, but I'm not understanding why to be honest. I also get this in chef-client output: