Manage user accounts and user attributes.
- useradd
- userdel
- usermod
parameter | required | default | choices | comments |
---|---|---|---|---|
append |
no | no |
|
If yes , will only add groups, not set them to just the list in groups. |
comment |
no | Optionally sets the description (aka GECOS) of user account. | ||
createhome |
no | yes |
|
Unless set to no , a home directory will be made for the user when the account is created or if the home directory does not exist. |
expires (added in 1.9) |
no | None | An expiry time for the user in epoch, it will be ignored on platforms that do not support this. Currently supported on Linux and FreeBSD. | |
force |
no | no |
|
When used with state=absent , behavior is as with userdel --force . |
generate_ssh_key |
no | no |
|
Whether to generate a SSH key for the user in question. This will not overwrite an existing SSH key. |
group |
no | Optionally sets the user's primary group (takes a group name). | ||
groups |
no | Puts the user in this comma-delimited list of groups. When set to the empty string ('groups='), the user is removed from all groups except the primary group. | ||
home |
no | Optionally set the user's home directory. | ||
login_class |
no | Optionally sets the user's login class for FreeBSD, OpenBSD and NetBSD systems. | ||
move_home |
no | no |
|
If set to yes when used with home= , attempt to move the user's home directory to the specified directory if it isn't there already. |
name |
yes | Name of the user to create, remove or modify. aliases: user | ||
non_unique |
no | no |
|
Optionally when used with the -u option, this option allows to change the user ID to a non-unique value. |
password |
no | Optionally set the user's password to this crypted value. See the user example in the github examples directory for what this looks like in a playbook. See http://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module for details on various ways to generate these password values. Note on Darwin system, this value has to be cleartext. Beware of security issues. | ||
remove |
no | no |
|
When used with state=absent , behavior is as with userdel --remove . |
seuser (added in 2.1) |
no | Optionally sets the seuser type (user_u) on selinux enabled systems. | ||
shell |
no | Optionally set the user's shell. | ||
skeleton (added in 2.0) |
no | Optionally set a home skeleton directory. Requires createhome option! | ||
ssh_key_bits |
no | 2048 | Optionally specify number of bits in SSH key to create. | |
ssh_key_comment |
no | ansible-generated on $HOSTNAME | Optionally define the comment for the SSH key. | |
ssh_key_file |
no | .ssh/id_rsa | Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory. | |
ssh_key_passphrase |
no | Set a passphrase for the SSH key. If no passphrase is provided, the SSH key will default to having no passphrase. | ||
ssh_key_type |
no | rsa | Optionally specify the type of SSH key to generate. Available SSH key types will depend on implementation present on target host. | |
state |
no | present |
|
Whether the account should exist or not, taking action if the state is different from what is stated. |
system |
no | no |
|
When creating an account, setting this to yes makes the user a system account. This setting cannot be changed on existing users. |
uid |
no | Optionally sets the UID of the user. | ||
update_password (added in 1.3) |
no | always |
|
always will update passwords if they differ. on_create will only set the password for newly created users. |
# Add the user 'johnd' with a specific uid and a primary group of 'admin' - user: name=johnd comment="John Doe" uid=1040 group=admin # Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups - user: name=james shell=/bin/bash groups=admins,developers append=yes # Remove the user 'johnd' - user: name=johnd state=absent remove=yes # Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa - user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa # added a consultant whose account you want to expire - user: name=james18 shell=/bin/zsh groups=developers expires=1422403387
For more information on what this means please read Core Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.