Another approach occurs that does not require the Perl Crazy Glue:
- name: grab passwd entries for this host
shell: cat /etc/passwd'
register: passwd
- name: lock unknown users
user: name={{ item.split(':').0 }} password='!!'
when: item.split(':').0 not in known_users
and item.split(':').2|int > 499
with_items: passwd.stdout_lines
- name: lock out unknown users
command: rm -rf {{ item.split(':').5 }}/.ssh
when: item.split(':').0 not in known_users
and item.split(':').2|int > 499
with_items: passwd.stdout_lines
Kahlil (Kal) Hodgson GPG: C9A02289
Head of Technology (m) +61 (0) 4 2573 0382
DealMax Pty Ltd (w) +61 (0) 3 9008 5281
Suite 1415
401 Docklands Drive
Docklands VIC 3008 Australia
"All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore,
if you can't get them together again, there must be a reason. By all
means, do not use a hammer." -- IBM maintenance manual, 1925
On 10 December 2013 22:46, Jürgen Haas <[email protected]> wrote:
> Here is the Ansible role on github.com:
> https://github.com/jurgenhaas/ansible-user-management
>
> It can be executed as a role, e.g. like this:
>
> - name: "Manage Users"
> hosts: "all"
> connection: ssh
> gather_facts: false
> sudo: yes
> roles:
> - users
>
> Enjoy!
>
> My plan is to further enhance that role so that it is going to become the
> full user management role including the creation of user accounts and
> management of ssh keys plus many more ideas hopefully to come.
>
> Am Dienstag, 10. Dezember 2013 10:22:06 UTC+1 schrieb Jürgen Haas:
>>
>> Great, that works. And with $F[5] we also get the home directory for each
>> user. So I'll see if I can turn that into a default playbook for general us
>> as Michael DeHaan suggested.
>>
>> Am Montag, 9. Dezember 2013 21:31:32 UTC+1 schrieb Kahlil Hodgson:
>>>
>>> On 9 December 2013 19:51, Jürgen Haas <[email protected]> wrote:
>>> > cat /etc/passwd | perl -ane -F: 'print $F[0],"\n" if $F[2] > 499'
>>> >
>>> > Generates the following error message:
>>> >
>>> > Warning: Use of "-F" without parentheses is ambiguous at -e line 1.
>>> > syntax error at -e line 1, near "F:"
>>> > Execution of -e aborted due to compilation errors.
>>>
>>> cat /etc/passwd | perl -aF: -ne 'print $F[0],"\n" if $F[2] > 499'
>>>
>>> Arghh! -e must precede the expression -- yesterday was not a good day.
>>>
>>> K
>>>
>>> Kahlil (Kal) Hodgson GPG: C9A02289
>>> Head of Technology (m) +61 (0) 4 2573 0382
>>> DealMax Pty Ltd (w) +61 (0) 3 9008 5281
>>>
>>> Suite 1415
>>> 401 Docklands Drive
>>> Docklands VIC 3008 Australia
>>>
>>> "All parts should go together without forcing. You must remember that
>>> the parts you are reassembling were disassembled by you. Therefore,
>>> if you can't get them together again, there must be a reason. By all
>>> means, do not use a hammer." -- IBM maintenance manual, 1925
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
