Manage user accounts and user attributes.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| append | no | no |
| If yes, will only add groups, not set them to just the list in groups. |
| comment | no | Optionally sets the description (aka GECOS) of user account. |
||
| createhome | no | yes |
| Unless set to no, a home directory will be made for the user when the account is created or if the home directory does not exist. |
| expires (added in 1.9)
| no | None | An expiry time for the user in epoch, it will be ignored on platforms that do not support this. Currently supported on Linux and FreeBSD. |
|
| force | no | no |
| When used with state=absent, behavior is as with userdel --force. |
| generate_ssh_key | no | no |
| Whether to generate a SSH key for the user in question. This will not overwrite an existing SSH key. |
| group | no | Optionally sets the user's primary group (takes a group name). |
||
| groups | no | Puts the user in this comma-delimited list of groups. When set to the empty string ('groups='), the user is removed from all groups except the primary group. |
||
| home | no | Optionally set the user's home directory. |
||
| login_class | no | Optionally sets the user's login class for FreeBSD, OpenBSD and NetBSD systems. |
||
| move_home | no | no |
| If set to yes when used with home=, attempt to move the user's home directory to the specified directory if it isn't there already. |
| name | yes |
Name of the user to create, remove or modify. aliases: user
|
||
| non_unique | no | no |
| Optionally when used with the -u option, this option allows to change the user ID to a non-unique value. |
| password | no | Optionally set the user's password to this crypted value. See the user example in the github examples directory for what this looks like in a playbook. See http://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module for details on various ways to generate these password values. Note on Darwin system, this value has to be cleartext. Beware of security issues. |
||
| remove | no | no |
| When used with state=absent, behavior is as with userdel --remove. |
| seuser (added in 2.1)
| no | Optionally sets the seuser type (user_u) on selinux enabled systems. |
||
| shell | no | Optionally set the user's shell. |
||
| skeleton (added in 2.0)
| no | Optionally set a home skeleton directory. Requires createhome option! |
||
| ssh_key_bits | no | default set by ssh-keygen | Optionally specify number of bits in SSH key to create. |
|
| ssh_key_comment | no | ansible-generated on $HOSTNAME | Optionally define the comment for the SSH key. |
|
| ssh_key_file | no | .ssh/id_rsa | Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory. |
|
| ssh_key_passphrase | no | Set a passphrase for the SSH key. If no passphrase is provided, the SSH key will default to having no passphrase. |
||
| ssh_key_type | no | rsa | Optionally specify the type of SSH key to generate. Available SSH key types will depend on implementation present on target host. |
|
| state | no | present |
| Whether the account should exist or not, taking action if the state is different from what is stated. |
| system | no | no |
| When creating an account, setting this to yes makes the user a system account. This setting cannot be changed on existing users. |
| uid | no | Optionally sets the UID of the user. |
||
| update_password (added in 1.3)
| no | always |
| always will update passwords if they differ. on_create will only set the password for newly created users. |
# Add the user 'johnd' with a specific uid and a primary group of 'admin' - user: name=johnd comment="John Doe" uid=1040 group=admin # Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups - user: name=james shell=/bin/bash groups=admins,developers append=yes # Remove the user 'johnd' - user: name=johnd state=absent remove=yes # Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa - user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa # added a consultant whose account you want to expire - user: name=james18 shell=/bin/zsh groups=developers expires=1422403387
For more information on what this means please read Core Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.
© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/user_module.html