{"id":19583787,"url":"https://github.com/bodsch/ansible-users","last_synced_at":"2026-03-07T11:02:32.810Z","repository":{"id":50925217,"uuid":"344147975","full_name":"bodsch/ansible-users","owner":"bodsch","description":"add or remove system users and handle ssh-keys","archived":false,"fork":false,"pushed_at":"2025-03-30T11:21:43.000Z","size":117,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-22T02:42:43.076Z","etag":null,"topics":["ansible","automation","ssh-key","user","user-management"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bodsch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-03T14:08:22.000Z","updated_at":"2025-03-30T11:21:46.000Z","dependencies_parsed_at":"2023-02-07T04:01:38.628Z","dependency_job_id":"dd271948-720e-4814-8026-669453376b50","html_url":"https://github.com/bodsch/ansible-users","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/bodsch/ansible-users","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodsch%2Fansible-users","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodsch%2Fansible-users/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodsch%2Fansible-users/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodsch%2Fansible-users/manifests","owner_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bodsch","download_url":"https://codeload.github.com/bodsch/ansible-users/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodsch%2Fansible-users/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30212103,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T09:02:10.694Z","status":"ssl_error","status_checked_at":"2026-03-07T09:02:08.429Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","ssh-key","user","user-management"],"created_at":"2024-11-11T07:44:47.438Z","updated_at":"2026-03-07T11:02:32.793Z","avatar_url":"https://github.com/bodsch.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Ansible Role:  `users`\n\nRole to manage multiple users on linux.\n\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/bodsch/ansible-users/main.yml?branch=main)][ci]\n[![GitHub issues](https://img.shields.io/github/issues/bodsch/ansible-users)][issues]\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/bodsch/ansible-users)][releases]\n[![Ansible Downloads](https://img.shields.io/ansible/role/d/bodsch/users?logo=ansible)][galaxy]\n\n[ci]: https://github.com/bodsch/ansible-users/actions\n[issues]: 
https://github.com/bodsch/ansible-users/issues?q=is%3Aopen+is%3Aissue\n[releases]: https://github.com/bodsch/ansible-users/releases\n[galaxy]: https://galaxy.ansible.com/ui/standalone/roles/bodsch/users\n\nAdd users, change passwords, lock/unlock user accounts, manage sudo access (per user), add ssh key(s) for sshkey based authentication.\n\n## Operating systems\n\nTested on\n\n* Arch Linux\n* Debian based\n    - Debian 10 / 11 / 12\n    - Ubuntu 20.04 / 22.04\n\n\u003e **RedHat-based systems are no longer officially supported! May work, but does not have to.**\n\n\n\n## How to generate password\n\n* on Ubuntu - Install `whois` package\n\n```bash\nmkpasswd --method=SHA-512\n```\n\n* on RedHat - Use Python\n\n```bash\npython -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'\n```\n\n\n```bash\n# MD5 (OBSOLETE!)\nopenssl passwd -1  -salt 5RPVAd clear-text-passwd43\n\n# SHA-256\nopenssl passwd -5  -salt 5RPVAd clear-text-passwd43\n\n# SHA-512\nopenssl passwd -6  -salt 5RPVAd clear-text-passwd43\n\n# blowfish\npython -c 'import bcrypt; print(bcrypt.hashpw(b\"clear-text-passwd43\", bcrypt.gensalt(rounds=15)).decode(\"ascii\"))'\n```\n\n\n\n## Default Settings\n\n```yaml\n---\nusers_output: \"compact\"  # or: 'full' for more output\n\nusers: []\n```\n\n## User Settings\n\n\n| parameter                  | default     |               | description                                                    |\n| :------------------        | :----:      | :-----        | :-----------                                                   |\n| `username`                 |             | **required**  | username - no spaces                                           |\n| `uid`                      |             | optional      | The numerical value of the user's ID                           |\n| `state`                    | ` `         | **required**  | `present` / `absent` / `lock`                                  |\n| `password`               
  | ` `         | optional      | SHA-512 hashed password. If not set, password is set to `!`  |\n| `update_password`          | `always`    | optional      | `always` / `on_create`.\u003cbr\u003e**NOTE**: when `always`, the password will be changed to the `password` value.\u003cbr\u003eIf you are using `always` on **existing** users, **make sure to have the password set**. |\n| `comment`                  | ` `         | optional      | Full name and Department or description of application (But you should set this!) |\n| `group`                    | ` `         | optional      | The primary Group for the User (The group **must exist** and will **not be created**!) |\n| `groups`                   | `[]`        | optional      | A list of groups the user will be added to (appended).\u003cbr\u003eIf a group doesn't exist, it will be created on the specific server. This is not the primary group (primary group is not modified) |\n| `shell`                    | `/bin/bash` | optional      | path to login shell                                            |\n| `authorized_key_directory` | `-`         | optional      | path for centrally stored SSH keys, e.g. `/etc/ssh/authorized_key` |\n| `authorized_keys`          | `[]`        | optional      | a list of authorized keys, stored in `$HOME/.ssh/authorized_keys` or under `authorized_key_directory` |\n| `ssh_keys`                 | `{}`        | optional      | dictionary with various ssh_keys. You can use this to deploy static public or private keyfiles                   |\n| `sudo`                     | `{}`        | optional      | a dictionary with sudo settings. (see below)                                            |\n| `remove`                   | `False`     | optional      | This only affects `state=absent`; it attempts to remove directories associated with the user. 
|\n| `password_lock`            | `True`      | optional      |  |\n\n### `ssh_keys`\n\nIf you have to roll out static public or private SSH keys via Ansible, you can define them here.\nThe data can be available as plain text or as base64 encoded strings.\n\n\u003e **(If anyone thinks I'm using real existing SSH keys here ... sorry, you are wrong!)**\n\n```yaml\nusers:\n  - username: foo-bar\n    ssh_keys:\n      id_ed25519: |\n          -----BEGIN OPENSSH PRIVATE KEY-----\n          b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAXYpRZio\n          BDw+o+oic9MwrqAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIK6jjUFopFO9kV4G\n          WIkR0gNzpoaOgpwFFRLWKcpeG8THAAAAkHtt03xiYPgAEc7T0nEtnCjt67sN6msNP2Nxgv\n          +Fd8BANdzbYFzsMoQ45Ldja2gsOt1KAecwO+xY+5BRCA0huWCTHwbd7Y6BqCKLEpHwXWG1\n          UI4GzDt6+hD1LZSbYTFpi+LhiQ1PlrmG5eRQOXzlEAY6AziN7gajlQRsOxkmTW98DuVzWw\n          S/KVZZ/wwzyaIPYQ==\n          -----END OPENSSH PRIVATE KEY-----\n      id_ed25519.pub: ssh-ed25519 AAAAC3NzaC1lYDI1NTE5AAAAIL+LmfwIhn8kxZcyusbcITtwsAOnI1I/d/c40XnGBg7J bar.foo \u003cbar.foo@test.com\u003e\n\n      id_rsa: 
\"LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KaCtmZVZZQVg1Sm1EM2QvdEx6UkxUbTBmUm5CL1NVTDFFQ21jK1gwZ3dLL3UvUG4zU2RJOE0zVk9aMUJkUWJNNjkrU2oyYgozLzRRN1NsbUZObEVXaG43M2VHUFhTTTBLU1VUcGk5bFk0dVJndEhDdGYrejhsaVNBNFlvRlJKcTcxYi9JWHZ1SkUxVks1Ck5jQ3dSUFZRSGRUc0VEdG52M09lNDdFbW9XWFgzOUdFazRoQWNqV1BoeVRvZWFvSWNYTXZDbkVTMXp6SS8wQ2RsVUo2TGEKU1p4Njk2aFE0a1dPZ2k5UE0vVERHdytBRDZGbGVNTUtTK0FtalNuWHBYTjMwTzVacTFuMEhEWGd4ak55VVZ4SjdEVUNDMgpwZ2p1RHpPdDF3QUFBOGhNeC9oMlRNZjRkZ0FBQUFkemMyZ3Rjbk5oQUFBQkFRQytDRGdQYzllZnhvcWZQKzNoc0FBOFMvCm1Kb04wR2xwc2haNEZNNnVrWFdWc3RTQS9ONmJPSDU5NVZnQmZrbVlQZDMrMHZORXRPYlI5R2NIOUpRdlVRS1p6NWZTREEKcis3OCtmZEowand6ZFU1blVGMUJzenIzNUtQWnZmL2hEdEtXWVUyVVJhR2Z2ZDRZOWRJelFwSlJPbUwyVmppNUdDMGNLMQovN1B5V0pJRGhpZ1ZFbXJ2VnY4aGUrNGtUVlVyazF3TEJFOVZBZDFPd1FPMmUvYzU3anNTYWhaZGZmMFlTVGlFQnlOWStICklqNTlnck8ydldDa3JSTTd1Vk9sTUEzSnQ2ZDVkSDE4RDN5Vk5HWHB5dnVROUxXWUxWUGdvMlVUV0lVV3VHR2djVXNydVYKVm8xYm1HUTBsSnlQTkpVUmdUTnJ4dGd0emdEdUdoWWZGMzU2QVJkaHVUeXhBQUFBZ1FDT2hlMHF1bzhlakphalM0dUxydApqTkg2b1FNaWF3NGxMMkJtTWlMc3I5STdVWE5BMXZhRzl6R2J6Ym5wS3pSV0VKMWIxRExUWm42bnRMR2l1UVlCaGNuRUx5CnF3aVdrUDlqNnFZd2NtNlJ3b2tkTGMzWHkvdzdrZXluUVU5SlR4YlVtSGpLQnNKRW9YaGUyS1JVNlhDK0pLYm16cHF3M1QKbkpKcXdodVFNWjBXN3lBMzdheWtYenpLejV2Qlpac1pvekY4MEpXc3FITHBXMTh4ZCtoM1JxWDB3c1dUcjVLcUxWdEN6bgp0UzBKYTl6TXppTWp6S2Z2RDRlT0wwR3NWTXdFc042SUM1bGhkYjdBcGRHTkwyVVpzQUFBQ0JBTVZIc2EwaEFTYW01MVdUCkJkRW5HNjNJZkhwcjhFWjFBQUFBRDJKdlpITmphRUJrWVhKclkybDBlUUVDQXc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K\"\n```\n\n### `authorized_keys`\n\nTo roll out authorised_keys, a corresponding .ssh directory is created in $HOME and stored there.  \nIf it is desired that the users do not maintain their SSH keys themselves, they can also be stored in an inaccessible directory (e.g. 
`/etc/ssh/authorized_key`).\n\n\u003e However, the sshd must be configured accordingly **before** doing this!\n\nThe following configuration line would make sense: `AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys`.\n\n### `sudo`\n\nA simple sudo rule can be configured for each user.\nThe emphasis is on **simple**!\n\nThe following configuration \n\n```yaml\n  - username: foo-bar\n    sudo:\n      nopassword: true\n      runas: \"ALL\"\n      commands: ALL\n```\n\nwould result in this sudoers file\n\n```bash\nfoo-bar ALL=(ALL)NOPASSWD: ALL\n```\n\nThe following configuration options are available:\n\n| parameter             | default   | type               | description                                                    |\n| :------------------   | :----:    | :-----             | :-----------                                                   |\n| `nopassword`          | `False`   | `bool`             | Whether a password will be required to run the sudo command. |\n| `runas`               | `-`       | `string`           | Specify the target user the command(s) will run as. |\n| `commands`            | `-`       | `string` or `list` | The commands allowed by the sudoers rule.\u003cbr\u003eMultiple can be added by passing a list of commands. |\n| `group`               | `-`       | `string`           | The name of the group for the sudoers rule. 
| \n\n## group settings\n\nIt is easily possible to assign an individual group to each user or to include them in several groups.\n\n**However, these groups must already have been created!**\n\n```yaml\nusers:\n  - username: user_01\n    state: present\n    group: users\n    groups:\n      - user_08\n      - user_15\n```\n\n\n## usage\n\nsee [molecule tests](molecule/configured/group_vars/all/vars.yml)\n\n```yaml\n- hosts: all\n  any_errors_fatal: false\n\n  vars:\n    users:\n      - username: foo-bar\n        update_password: always\n        comment: Foo Bar\n        # password: foo-barbar\n        shell: /bin/bash\n        ssh_keys:\n          id_ed25519: |\n              -----BEGIN OPENSSH PRIVATE KEY-----\n              b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAXYpRZio\n              BDw+o+oic9MwrqAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIK6jjUFopFO9kV4G\n              WIkR0gNzpoaOgpwFFRLWKcpeG8THAAAAkHtt03xiYPgAEc7T0nEtnCjt67sN6msNP2Nxgv\n              +Fd8BANdzbYFzsMoQ45Ldja2gsOt1KAecwO+xY+5BRCA0huWCTHwbd7Y6BqCKLEpHwXWG1\n              UI4GzDt6+hD1LZSbYTFpi+LhiQ1PlrmG5eRQOXzlEAY6AziN7gajlQRsOxkmTW98DuVzWw\n              S/KVZZ/wwzyaIPYQ==\n              -----END OPENSSH PRIVATE KEY-----\n          id_ed25519.pub: ssh-ed25519 AAAAC3NzaC1lYDI1NTE5AAAAIL+LmfwIhn8kxZcyusbcITtwsAOnI1I/d/c40XnGBg7J bar.foo \u003cbar.foo@test.com\u003e\n          id_rsa: 
\"LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KaCtmZVZZQVg1Sm1EM2QvdEx6UkxUbTBmUm5CL1NVTDFFQ21jK1gwZ3dLL3UvUG4zU2RJOE0zVk9aMUJkUWJNNjkrU2oyYgozLzRRN1NsbUZObEVXaG43M2VHUFhTTTBLU1VUcGk5bFk0dVJndEhDdGYrejhsaVNBNFlvRlJKcTcxYi9JWHZ1SkUxVks1Ck5jQ3dSUFZRSGRUc0VEdG52M09lNDdFbW9XWFgzOUdFazRoQWNqV1BoeVRvZWFvSWNYTXZDbkVTMXp6SS8wQ2RsVUo2TGEKU1p4Njk2aFE0a1dPZ2k5UE0vVERHdytBRDZGbGVNTUtTK0FtalNuWHBYTjMwTzVacTFuMEhEWGd4ak55VVZ4SjdEVUNDMgpwZ2p1RHpPdDF3QUFBOGhNeC9oMlRNZjRkZ0FBQUFkemMyZ3Rjbk5oQUFBQkFRQytDRGdQYzllZnhvcWZQKzNoc0FBOFMvCm1Kb04wR2xwc2haNEZNNnVrWFdWc3RTQS9ONmJPSDU5NVZnQmZrbVlQZDMrMHZORXRPYlI5R2NIOUpRdlVRS1p6NWZTREEKcis3OCtmZEowand6ZFU1blVGMUJzenIzNUtQWnZmL2hEdEtXWVUyVVJhR2Z2ZDRZOWRJelFwSlJPbUwyVmppNUdDMGNLMQovN1B5V0pJRGhpZ1ZFbXJ2VnY4aGUrNGtUVlVyazF3TEJFOVZBZDFPd1FPMmUvYzU3anNTYWhaZGZmMFlTVGlFQnlOWStICklqNTlnck8ydldDa3JSTTd1Vk9sTUEzSnQ2ZDVkSDE4RDN5Vk5HWHB5dnVROUxXWUxWUGdvMlVUV0lVV3VHR2djVXNydVYKVm8xYm1HUTBsSnlQTkpVUmdUTnJ4dGd0emdEdUdoWWZGMzU2QVJkaHVUeXhBQUFBZ1FDT2hlMHF1bzhlakphalM0dUxydApqTkg2b1FNaWF3NGxMMkJtTWlMc3I5STdVWE5BMXZhRzl6R2J6Ym5wS3pSV0VKMWIxRExUWm42bnRMR2l1UVlCaGNuRUx5CnF3aVdrUDlqNnFZd2NtNlJ3b2tkTGMzWHkvdzdrZXluUVU5SlR4YlVtSGpLQnNKRW9YaGUyS1JVNlhDK0pLYm16cHF3M1QKbkpKcXdodVFNWjBXN3lBMzdheWtYenpLejV2Qlpac1pvekY4MEpXc3FITHBXMTh4ZCtoM1JxWDB3c1dUcjVLcUxWdEN6bgp0UzBKYTl6TXppTWp6S2Z2RDRlT0wwR3NWTXdFc042SUM1bGhkYjdBcGRHTkwyVVpzQUFBQ0JBTVZIc2EwaEFTYW01MVdUCkJkRW5HNjNJZkhwcjhFWjFBQUFBRDJKdlpITmphRUJrWVhKclkybDBlUUVDQXc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K\"\n          id_rsa.pub: \"c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQTVWZ0Jma21ZUGQzKzB2TkV0T2JSOUdjSDlKUXZVUUtaejVmU0RBTzJlL2M1N2pzU2FoWmRmZjBZU1RpRUJ5TlkrSEpPaGRlbGMzZlE3bG1yV2ZRY05lREdNM0pSWEVuc05RSUxhbUNPNFBNNjNYIGJhckBkZm9vYmFyLmNvbQo=\"\n        sudo:\n          nopassword: true\n          runas: \"ALL\"\n          commands:\n            - ALL\n            - /bin/systemctl restart my-service\n            - /bin/systemctl reload my-service\n          group: wheel\n        state: present\n\n  
roles:\n    - role: ansible-users\n```\n\n---\n\n## Author and License\n\n- Bodo Schulz\n\n## License\n\n[MIT](LICENSE)\n\n**FREE SOFTWARE, HELL YEAH!**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodsch%2Fansible-users","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbodsch%2Fansible-users","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodsch%2Fansible-users/lists"}