Harvesting UIDs above 1000

Joseph Alexander

Oct 20, 2020, 11:27:24 AM
to Ansible Project
I have a task from our program security to verify all local accounts on all of our RHEL servers and turn them in. I have a working playbook, but I'm wondering if there is a better, cleaner way to do this.

I have a script that I place on each server that runs one command:
for i in $(awk -F: '$3 >= 1000 {print $1}' /etc/passwd); do id $i; done > results.txt

Then I fetch that file and save it as {{ ansible_fqdn }}.txt.

I was thinking there has to be a way to use a template to iterate through the passwd file, something like this:
{% for item in users %} 
{{ item }} {{ lookup('pipe', "id -u " + item) }}
then some type of when uid >=1000 append it to results.txt line 
{% endfor %}
 
But I just cannot find anything on Google about replacing that users variable with the passwd file or something similar. I appreciate any help. I could do it the first way, but would like a cleaner solution that uses Ansible rather than scripts.

Thanks!

Stefan Hornburg (Racke)

Oct 21, 2020, 2:11:30 AM
to ansible...@googlegroups.com
On modern systems the passwd file is not authoritative (LDAP, Samba). The getent utility lists all users of the system (getent passwd), and there is a corresponding Ansible module.

So I suggest the following solution:

tasks:
  - name: Retrieve user information
    getent:
      database: passwd
      split: ':'
  # getent_passwd maps each user name to its remaining fields; index 1 is the UID
  - name: Build list of users with uid >= 1000
    set_fact:
      users: "{{ users | default([]) + [item.key] }}"
    when: item.value[1] | int >= 1000
    with_dict:
      "{{ getent_passwd }}"
  - debug:
      var: users

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
