Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
# (c) 2012, Stephen Fromm <>
# This file is part of Ansible
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <>.
import json
except ImportError:
import simplejson as json
import os
import pwd
2012-03-27 20:43:36 +00:00
import grp
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
import shlex
import spwd
import subprocess
import sys
USERADD = "/usr/sbin/useradd"
USERMOD = "/usr/sbin/usermod"
USERDEL = "/usr/sbin/userdel"
def debug(msg):
# ansible ignores stderr, so it's safe to use for debug
print >>sys.stderr, msg
def exit_json(rc=0, **kwargs):
if 'name' in kwargs:
debug("add user info to exit_json")
print json.dumps(kwargs)
def fail_json(**kwargs):
kwargs['failed'] = True
exit_json(rc=1, **kwargs)
def add_user_info(kwargs):
name = kwargs['name']
if user_exists(name):
kwargs['state'] = 'present'
info = user_info(name)
kwargs['uid'] = info[2]
2012-03-27 20:43:36 +00:00
kwargs['group'] = info[3]
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
kwargs['comment'] = info[4]
kwargs['home'] = info[5]
kwargs['shell'] = info[6]
kwargs['createhome'] = os.path.exists(info[5])
2012-03-28 21:12:35 +00:00
groups = user_group_membership(name)
if len(groups) > 0:
kwargs['groups'] = groups
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
kwargs['state'] = 'absent'
return kwargs
def user_del(user, **kwargs):
cmd = [USERDEL]
for key in kwargs:
if key == 'force' and kwargs[key]:
elif key == 'remove' and kwargs[key]:
debug("Arguments to userdel: %s" % (" ".join(cmd)))
rc =, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if rc == 0:
return True
return False
def user_add(user, **kwargs):
cmd = [USERADD]
for key in kwargs:
if key == 'uid' and kwargs[key] is not None:
2012-03-27 20:43:36 +00:00
elif key == 'group' and kwargs[key] is not None:
2012-03-28 21:12:35 +00:00
if not group_exists(kwargs[key]):
2012-03-27 20:43:36 +00:00
fail_json(msg="Group %s does not exist" % (kwargs[key]))
2012-03-28 21:12:35 +00:00
elif key == 'groups' and kwargs[key] is not None:
for g in kwargs[key].split(','):
if not group_exists(g):
fail_json(msg="Group %s does not exist" % (g))
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
elif key == 'comment' and kwargs[key] is not None:
elif key == 'home' and kwargs[key] is not None:
elif key == 'shell' and kwargs[key] is not None:
elif key == 'password' and kwargs[key] is not None:
elif key == 'createhome':
if kwargs[key] is not None:
if kwargs[key] == 'yes':
debug("Arguments to useradd: %s" % (" ".join(cmd)))
rc =, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if rc == 0:
return True
return False
def user_mod(user, **kwargs):
cmd = [USERMOD]
info = user_info(user)
for key in kwargs:
if key == 'uid':
if kwargs[key] is not None and info[2] != int(kwargs[key]):
2012-03-27 20:43:36 +00:00
elif key == 'group' and kwargs[key] is not None:
2012-03-28 21:12:35 +00:00
if not group_exists(kwargs[key]):
2012-03-27 20:43:36 +00:00
fail_json(msg="Group %s does not exist" % (kwargs[key]))
2012-03-28 21:12:35 +00:00
ginfo = group_info(group)
if info[3] != ginfo[2]:
elif key == 'groups' and kwargs[key] is not None:
for g in kwargs[key].split(','):
if not group_exists(g):
fail_json(msg="Group %s does not exist" % (g))
groups = ",".join(user_group_membership(user))
if groups != kwargs[key]:
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
elif key == 'comment':
if kwargs[key] is not None and info[4] != kwargs[key]:
elif key == 'home':
if kwargs[key] is not None and info[5] != kwargs[key]:
elif key == 'shell':
if kwargs[key] is not None and info[6] != kwargs[key]:
elif key == 'password':
if kwargs[key] is not None and info[1] != kwargs[key]:
2012-03-28 21:12:35 +00:00
elif key == 'append':
if kwargs[key] is not None and kwargs[key] == 'yes':
if 'groups' in kwargs and kwargs['groups'] is not None:
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
# skip if no changes to be made
if len(cmd) == 1:
return False
debug("Arguments to usermod: %s" % (" ".join(cmd)))
rc =, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if rc == 0:
return True
return False
2012-03-27 20:43:36 +00:00
def group_exists(group):
if group.isdigit():
if grp.getgrgid(group):
return True
if grp.getgrnam(group):
return True
except KeyError:
return False
def group_info(group):
if not group_exists(group):
return False
if group.isdigit():
return list(grp.getgrgid(group))
return list(grp.getgrnam(group))
2012-03-28 21:12:35 +00:00
def user_group_membership(user):
groups = []
info = get_pwd_info(user)
for group in grp.getgrall():
if user in group[3] and info[3] != group[2]:
return groups
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
def user_exists(user):
if pwd.getpwnam(user):
return True
except KeyError:
return False
2012-03-28 21:12:35 +00:00
def get_pwd_info(user):
if not user_exists(user):
return False
return list(pwd.getpwnam(user))
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
def user_info(user):
if not user_exists(user):
return False
2012-03-28 21:12:35 +00:00
info = get_pwd_info(user)
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
sinfo = spwd.getspnam(user)
except KeyError:
return False
info[1] = sinfo[1]
return info
# ===========================================
if not os.path.exists(USERADD):
if os.path.exists("/sbin/useradd"):
USERADD = "/sbin/useradd"
fail_json(msg="Cannot find useradd")
if not os.path.exists(USERMOD):
if os.path.exists("/sbin/usermod"):
USERMOD = "/sbin/usermod"
fail_json(msg="Cannot find usermod")
if not os.path.exists(USERDEL):
if os.path.exists("/sbin/userdel"):
USERDEL = "/sbin/userdel"
fail_json(msg="Cannot find userdel")
argfile = sys.argv[1]
args = open(argfile, 'r').read()
items = shlex.split(args)
if not len(items):
fail_json(msg='the module requires arguments -a')
params = {}
for x in items:
(k, v) = x.split("=")
params[k] = v
state = params.get('state','present')
name = params.get('name', None)
uid = params.get('uid', None)
2012-03-27 20:43:36 +00:00
group = params.get('group', None)
2012-03-28 21:12:35 +00:00
groups = params.get('groups', None)
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
comment = params.get('comment', None)
home = params.get('home', None)
shell = params.get('shell', None)
password = params.get('password', None)
# ===========================================
# following options are specific to userdel
force = params.get('force', False)
remove = params.get('remove', False)
# ===========================================
# following options are specific to useradd
createhome = params.get('createhome', 'yes')
2012-03-28 21:12:35 +00:00
# ===========================================
# following options are specific to usermod
append = params.get('append', 'no')
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
if state not in [ 'present', 'absent' ]:
fail_json(msg='invalid state')
if createhome not in [ 'yes', 'no' ]:
fail_json(msg='invalid createhome')
2012-03-28 21:12:35 +00:00
if append not in [ 'yes', 'no' ]:
fail_json(msg='invalid append')
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
if name is None:
fail_json(msg='name is required')
changed = False
rc = 0
if state == 'absent':
if user_exists(name):
changed = user_del(name, force=force, remove=remove)
exit_json(name=name, changed=changed, force=force, remove=remove)
elif state == 'present':
if not user_exists(name):
2012-03-28 21:12:35 +00:00
changed = user_add(name, uid=uid, group=group, groups=groups,
comment=comment, home=home, shell=shell,
password=password, createhome=createhome)
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
2012-03-28 21:12:35 +00:00
changed = user_mod(name, uid=uid, group=group, groups=groups,
comment=comment, home=home, shell=shell,
password=password, append=append)
Add user module to create, modify, and delete user accounts
This relies on useradd, usermod, and userdel utilities on the system.
The argument name is required; if state is not provided, present is
assumed. Other options supported for creating or modifying an existing
account: uid, gid, comment, home, shell, and password. If managing the
password, it must already be encrypted. When creating an account, you
can also provide the argument createhome to control whether the home
directory is created. Arguments supported for deleting an account are:
force (remove account even if user is logged in) and remove (remove home
2012-03-22 18:21:41 +00:00
if password is not None:
exit_json(name=name, changed=changed, password="XXXXXXXX")
exit_json(name=name, changed=changed)
fail_json(name=name, msg='Unexpected position reached')