CHEF Setting 'Shadow' attributes on Linux users

This is just a quick blog post on something that was annoying me for a couple of hours. I needed to set the Maximum number of days between password changes AND the Minimum number of days, BUT only for userids that weren’t locked or disabled.
Of course I wanted to do this via Chef. Alas, the standard User resource currently does not have this capability so I came up with the following recipe which others may find useful :

<pre>require 'shadow'
passwdfile = node['etc']['passwd']
passwdfile.each do |user, data|
   ent = Shadow::Passwd.getspnam(user)
   execute "#{user}: Set MAX_DAYS=90" do
     command "chage -M 90 '#{user}'"
     only_if { (ent.sp_max != -1) && (ent.sp_pwdp[0] != '!' && ent.sp_pwdp[0] != '*') }
   end
   execute "#{user}: Set MIN_DAYS=1" do
     command "chage -m 1 '#{user}'"
     only_if { (ent.sp_max != -1) && (ent.sp_pwdp[0] != '!' && ent.sp_pwdp[0] != '*') }
   end
end
Here is a snippet from the corresponding chef run.

<pre>
* execute[root: Set MAX_DAYS=90] action run
- execute chage -M 90 'root'
* execute[root: Set MIN_DAYS=1] action run
- execute chage -m 1 'root'
* execute[bin: Set MAX_DAYS=90] action run (skipped due to only_if)
* execute[bin: Set MIN_DAYS=1] action run (skipped due to only_if)
* execute[daemon: Set MAX_DAYS=90] action run (skipped due to only_if)
* execute[daemon: Set MIN_DAYS=1] action run (skipped due to only_if)
.
.
etc