Removing a user from a group using Ansible and the USER module

Alan Harkleroad

Jun 1, 2016, 9:43:57 AM
to Ansible Project
Good morning. I am trying to run a test case where I can edit a user's groups using a playbook in Ansible on CentOS 6.7.

Ansible version 1.9.2 currently installed.

After thorough research of other posts and the user module itself, I don't see any way to take a group out of a user's profile, only to remove the user in entirety or add groups.

We had a user lose an access level, so we have to deprecate his permission set to the wheel group until such time as he gains the required need to be back in the associated group. Below is the basic playbook I used to make the test case. I want to try it against my test case to remove the group before taking it to a live account status on our test range.

---
- hosts: test
  sudo: yes
  tasks:
  - name: Create a test user for trials
    user: name=testuser1
          group=some-group
          groups=wheel,cdrom,additional groups
          password=somehasedpassword
          shell=/bin/bash
          state=present
          append=yes


Now I know I can set the state to absent and that removes the user entirely. But I don't want to do that; we don't need to remove his system access, just the elevated privilege grouping. I have run a test case where I removed wheel in the playbook under groups, but it still shows in a groups query on the test user.

Any help is appreciated. I am sure it is something simple I overlooked.


Kai Stian Olstad

Jun 1, 2016, 10:09:09 AM
to ansible...@googlegroups.com
On 01.06.2016 15:42, Alan Harkleroad wrote:
> ---
> - hosts: test
>   sudo: yes
>   tasks:
>   - name: Create a test user for trials
>     user: name=testuser1
>           group=some-group
>           groups=wheel,cdrom,additional groups
>           password=somehasedpassword
>           shell=/bin/bash
>           state=present
>           append=yes
>
>
> Now I know I can set the state to absent and that removes the user
> entirely. But I don't want to do that; we don't need to remove his system
> access, just the elevated privilege grouping. I have run a test case where
> I removed wheel in the playbook under groups, but it still shows in a
> groups query on the test user.
>
> Any help is appreciated. I am sure it is something simple I overlooked.

According to the documentation you need append=no for that feature.

--
Kai Stian Olstad
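
The fix from the reply above, written out as an added example (not part of the thread and not the posters' own playbook): with append=no the groups list is authoritative, so the user ends up in exactly the secondary groups listed and loses any that are omitted, wheel included. It assumes cdrom is the only secondary group to keep, reuses the thread's placeholder names, and the two verification tasks are additions.

```yaml
---
# Added example, not from the thread. testuser1, some-group and cdrom are the
# placeholder names from the original playbook; adjust the list to the groups
# the account must keep.
- hosts: test
  sudo: yes                      # Ansible 1.9 syntax, as used in the thread
  tasks:
    - name: Set secondary groups to exactly this list (wheel omitted)
      user:
        name: testuser1
        group: some-group
        groups: cdrom            # every secondary group to KEEP; anything absent is removed
        append: no               # replace the membership list instead of adding to it
        state: present

    - name: Read back the group list from the account database
      command: id -nG testuser1
      register: user_groups
      changed_when: false        # read-only check, never report a change

    - name: Fail the play if wheel membership survived
      assert:
        that:
          - "'wheel' not in user_groups.stdout.split()"
```

Sessions the user already has open keep their old group list until they log out, so the revocation takes effect for new logins.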

Alan Harkleroad

Jun 1, 2016, 10:50:54 AM
to Ansible Project, ansible-pr...@olstad.com
Thank you very much. That worked. Now on to more complex tasks. Got to learn to crawl before you can walk. I used it from my test case to my live production and the expected result did what we wanted.