How to lock a user using ansible?



  • Given a username, if that user exists, lock it, otherwise keep it missing.

    The most likely module is ansible.builtin.user. There, passing password: "*" and shell: "/usr/sbin/nologin" mostly achieves the lock behavior, but it also creates the user. The state property only has the possible values present and absent, neither of which describes the desired behavior.

    One can obtain a fact on the user presence using ansible.builtin.getent and then conditionally use ansible.builtin.user. Is there a better way?



  • ... mostly achieves the lock behavior, but it also creates the user. The state property only has possible values present and absent ...

    Right, that would be the best approach and expected behavior.

    One can obtain a fact on the user presence using ansible.builtin.getent and then conditionally use ansible.builtin.user.

    And also right, this would also be the recommended approach.

    In other words, there is currently no way to configure this within a single task unless you use the shell module, custom scripts or custom modules.

    Similar Q&A

    • https://serverfault.com/a/1035610/448950
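
The two-task approach discussed in this thread, as an added example that is not part of the original posts. The play layout, `hosts: all` and the `target_user` variable with its sample value are assumptions.

```yaml
---
# Added example: lock an account only if it already exists.
# "alice" is a hypothetical username; set target_user to the account you need.
- name: Lock a user without creating it
  hosts: all
  become: true
  vars:
    target_user: alice

  tasks:
    - name: Look up the user in the passwd database
      ansible.builtin.getent:
        database: passwd
        key: "{{ target_user }}"
        # Do not fail on a missing user; the fact is set to null instead.
        fail_key: false

    - name: Lock the account (skipped when the user is missing)
      ansible.builtin.user:
        name: "{{ target_user }}"
        # Same values as in the question: no valid password hash, no login shell.
        password: "*"
        shell: /usr/sbin/nologin
      # getent_passwd[target_user] is a list of passwd fields when the user
      # exists and null when it does not, so the user module never runs for
      # a missing account and therefore never creates it.
      when: ansible_facts.getent_passwd[target_user] is not none
```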
