MrPointy's journey designing, building and deploying private clouds

CHEF: setting user attributes on Linux users

2014-07-21

This is just a quick blog post on something that was annoying me for a couple of hours.
I needed to set the Maximum number of days between password changes AND the Minimum number of days, BUT only for userids that weren’t locked or disabled.
Of course I wanted to do this via Chef.

Alas, the standard User resource currently does not have this capability, so I came up with the following recipe, which others may find useful:

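    require 'shadow' # ruby-shadow: read access to /etc/shadow entries

    # Ohai exposes the parsed /etc/passwd as node['etc']['passwd']
    passwdfile = node['etc']['passwd']
    passwdfile.each do |user, data|
      ent = Shadow::Passwd.getspnam(user)
      next if ent.nil? # user has no shadow entry, nothing to guard on

      # Guard: a maximum age is set (sp_max != -1) and the password field
      # does not start with '!' (locked) or '*' (disabled)
      execute "#{user}: Set MAX_DAYS=90" do
        command "chage -M 90 '#{user}'"
        only_if { (ent.sp_max != -1) && (ent.sp_pwdp[0] != '!' && ent.sp_pwdp[0] != '*') }
      end
      execute "#{user}: Set MIN_DAYS=1" do
        command "chage -m 1 '#{user}'"
        only_if { (ent.sp_max != -1) && (ent.sp_pwdp[0] != '!' && ent.sp_pwdp[0] != '*') }
      end
    end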

Here is a snippet from the corresponding chef run.

* execute[root: Set MAX_DAYS=90] action run
- execute chage -M 90 'root'
* execute[root: Set MIN_DAYS=1] action run
- execute chage -m 1 'root'
* execute[bin: Set MAX_DAYS=90] action run (skipped due to only_if)
* execute[bin: Set MIN_DAYS=1] action run (skipped due to only_if)
* execute[daemon: Set MAX_DAYS=90] action run (skipped due to only_if)
* execute[daemon: Set MIN_DAYS=1] action run (skipped due to only_if)
.
.
etc
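
The recipe's guard can be checked offline before it touches a node. The following is an added example, not part of the original post: it parses constructed `/etc/shadow` lines, applies the same locked/disabled test, and goes one step further than the recipe by skipping accounts whose values are already in place. The names `parse_shadow_line`, `managed?` and `chage_plan` are hypothetical, and treating an empty numeric field as -1 is an assumption made to match the recipe's `sp_max != -1` test.

```ruby
require 'shellwords'

# Constructed sample /etc/shadow content; the hashes are placeholders.
SAMPLE_SHADOW = <<~'EOS'
  root:$6$constructedhash:16270:0:99999:7:::
  bin:*:15980:0:99999:7:::
  daemon:*:15980:0:99999:7:::
  alice:$6$constructedhash:16270:1:90:7:::
  bob:!$6$constructedhash:16270:0:99999:7:::
  svc:$6$constructedhash:16270:0::7:::
EOS

ShadowEntry = Struct.new(:name, :pwdp, :min, :max)

# Parse one shadow line (name:pwdp:lstchg:min:max:...). Empty numeric
# fields become -1 (assumption, see lead-in). Returns nil for short lines.
def parse_shadow_line(line)
  f = line.chomp.split(':', -1)
  return nil if f.length < 5
  num = ->(s) { s.empty? ? -1 : Integer(s) }
  ShadowEntry.new(f[0], f[1], num.call(f[3]), num.call(f[4]))
end

# Same predicate as the recipe's only_if: a max age is set and the
# password field does not start with '!' (locked) or '*' (disabled).
def managed?(ent)
  ent.max != -1 && !ent.pwdp.start_with?('!', '*')
end

# Return the chage commands still needed. Accounts that already have the
# target values produce nothing, so a converged node yields an empty plan.
def chage_plan(shadow_text, max_days: 90, min_days: 1)
  shadow_text.each_line.flat_map do |line|
    ent = parse_shadow_line(line)
    next [] if ent.nil? || !managed?(ent)
    cmds = []
    # shelljoin escapes the user name instead of relying on hand-written quotes
    cmds << ['chage', '-M', max_days.to_s, ent.name].shelljoin if ent.max != max_days
    cmds << ['chage', '-m', min_days.to_s, ent.name].shelljoin if ent.min != min_days
    cmds
  end
end

puts chage_plan(SAMPLE_SHADOW) if __FILE__ == $PROGRAM_NAME
```

In a recipe, the same "already set" comparison could be added to each `only_if` so that repeated Chef runs stop reporting the `execute` resources as updated.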