{"id":15181172,"url":"https://github.com/firebase/chef-user","last_synced_at":"2025-10-01T22:31:40.517Z","repository":{"id":66068689,"uuid":"46154909","full_name":"firebase/chef-user","owner":"firebase","description":"A convenient Chef LWRP to manage user accounts and SSH keys","archived":true,"fork":true,"pushed_at":"2015-09-23T13:50:14.000Z","size":779,"stargazers_count":4,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-09-28T17:01:35.682Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://fnichol.github.io/chef-user","language":"Ruby","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"fnichol/chef-user","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/firebase.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-14T00:52:07.000Z","updated_at":"2023-01-28T00:44:37.000Z","dependencies_parsed_at":"2023-02-19T22:15:30.212Z","dependency_job_id":null,"html_url":"https://github.com/firebase/chef-user","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fchef-user","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fchef-user/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fchef-user/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fchef-user/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/firebase","download_url":"https://codeload.github.com/firebase/chef-user/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234909076,"owners_count":18905503,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-27T17:00:33.892Z","updated_at":"2025-10-01T22:31:40.218Z","avatar_url":"https://github.com/firebase.png","language":"Ruby","readme":"# \u003ca name=\"title\"\u003e\u003c/a\u003e User Chef Cookbook\n\n[![Build Status](https://secure.travis-ci.org/fnichol/chef-user.png?branch=master)](http://travis-ci.org/fnichol/chef-user)\n\n## \u003ca name=\"description\"\u003e\u003c/a\u003e Description\n\nA convenient Chef LWRP to manage user accounts and SSH keys. This is **not**\nthe Opscode *users* cookbook.\n\n* Website: http://fnichol.github.io/chef-user/\n* Opscode Community Site: http://community.opscode.com/cookbooks/user\n* Source Code: https://github.com/fnichol/chef-user\n\n## \u003ca name=\"usage\"\u003e\u003c/a\u003e Usage\n\nSimply include this cookbook as a dependency in `metadata.rb` and the `user_account`\nresource will be available. Example:\n\n    # In your_cookbook/metadata.rb\n    depends 'user'\n\n    # In your_cookbook/recipes/default.rb\n    user_account 'hsolo' do\n        ssh_keygen true\n    end\n\nTo use `recipe[user::data_bag]`, include it in your run\\_list and have a\ndata bag called `\"users\"` with an item like the following:\n\n    {\n      \"id\"        : \"hsolo\",\n      \"comment\"   : \"Han Solo\",\n      \"home\"      : \"/opt/hoth/hsolo\",\n      \"groups\"    : [\"admin\", \"www-data\"],\n      \"ssh_keys\"  : [\"123...\", \"456...\"]\n    }\n\nor a user to be removed:\n\n    {\n      \"id\"      : \"lando\",\n      \"action\"  : \"remove\"\n    }\n\nIf you have a username containing a period, use a dash in the data bag item\nand set a `username` attribute:\n\n    {\n      \"id\"        : \"luke-skywalker\",\n      \"username\"  : \"luke.skywalker\",\n      \"action\"    : [\"create\", \"lock\"]\n    }\n\nThe data bag recipe will iterate through a list of usernames defined in\n`node['users']` (by default) and attempt to pull in the user's information\nfrom the data bag item. In other words, having:\n\n    node['users'] = ['hsolo', 'lando', 'luke.skywalker']\n\nwill set up the `hsolo` user information and not use the `lando` user\ninformation.\n\n## \u003ca name=\"requirements\"\u003e\u003c/a\u003e Requirements\n\n### \u003ca name=\"requirements-chef\"\u003e\u003c/a\u003e Chef\n\nTested on 0.10.8 but newer and older version should work just fine. File an\n[issue][issues] if this isn't the case.\n\n### \u003ca name=\"requirements-platform\"\u003e\u003c/a\u003e Platform\n\nThe following platforms have been tested with this cookbook, meaning that the\nrecipes run on these platforms without error:\n\n* ubuntu\n* debian\n* mac_os_x\n\n### \u003ca name=\"requirements-cookbooks\"\u003e\u003c/a\u003e Cookbooks\n\nThere are **no** external cookbook dependencies.\n\n## \u003ca name=\"installation\"\u003e\u003c/a\u003e Installation\n\nDepending on the situation and use case there are several ways to install\nthis cookbook. All the methods listed below assume a tagged version release\nis the target, but omit the tags to get the head of development. A valid\nChef repository structure like the [Opscode repo][chef_repo] is also assumed.\n\n### \u003ca name=\"installation-platform\"\u003e\u003c/a\u003e From the Community Site\n\nTo install this cookbook from the Community Site, use the *knife* command:\n\n    knife cookbook site install user\n\n### \u003ca name=\"installation-berkshelf\"\u003e\u003c/a\u003e Using Berkshelf\n\n[Berkshelf][berkshelf] is a cookbook dependency manager and development\nworkflow assistant. To install Berkshelf:\n\n    cd chef-repo\n    gem install berkshelf\n    berks init\n\nTo use the Community Site version:\n\n    echo \"cookbook 'user'\" \u003e\u003e Berksfile\n    berks install\n\nOr to reference the Git version:\n\n    repo=\"fnichol/chef-user\"\n    latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \\\n    | ruby -rjson -e '\n      j = JSON.parse(STDIN.read);\n      puts j.map { |t| t[\"ref\"].split(\"/\").last }.sort.last\n    ')\n    cat \u003e\u003e Berksfile \u003c\u003cEND_OF_BERKSFILE\n    cookbook 'user',\n      :git =\u003e 'git://github.com/$repo.git', :branch =\u003e '$latest_release'\n    END_OF_BERKSFILE\n    berks install\n\n### \u003ca name=\"installation-librarian\"\u003e\u003c/a\u003e Using Librarian-Chef\n\n[Librarian-Chef][librarian] is a bundler for your Chef cookbooks.\nTo install Librarian-Chef:\n\n    cd chef-repo\n    gem install librarian\n    librarian-chef init\n\nTo use the Opscode platform version:\n\n    echo \"cookbook 'user'\" \u003e\u003e Cheffile\n    librarian-chef install\n\nOr to reference the Git version:\n\n    repo=\"fnichol/chef-user\"\n    latest_release=$(curl -s https://api.github.com/repos/$repo/git/refs/tags \\\n    | ruby -rjson -e '\n      j = JSON.parse(STDIN.read);\n      puts j.map { |t| t[\"ref\"].split(\"/\").last }.sort.last\n    ')\n    cat \u003e\u003e Cheffile \u003c\u003cEND_OF_CHEFFILE\n    cookbook 'user',\n      :git =\u003e 'git://github.com/$repo.git', :ref =\u003e '$latest_release'\n    END_OF_CHEFFILE\n    librarian-chef install\n\n## \u003ca name=\"recipes\"\u003e\u003c/a\u003e Recipes\n\n### \u003ca name=\"recipes-default\"\u003e\u003c/a\u003e default\n\nThis recipe is a no-op and does nothing.\n\n### \u003ca name=\"recipes-data-bag\"\u003e\u003c/a\u003e data_bag\n\nProcesses a list of users with data drawn from a data bag. The default data bag\nis `users` and the list of user accounts to create on this node is set on\n`node['users']`.\n\n## \u003ca name=\"attributes\"\u003e\u003c/a\u003e Attributes\n\n### \u003ca name=\"attributes-home-root\"\u003e\u003c/a\u003e home_root\n\nThe default parent path of a user's home directory. Each resource can override\nthis value which varies by platform. Generally speaking, the default value is\n`\"/home\"`.\n\n### \u003ca name=\"attributes-default-shell\"\u003e\u003c/a\u003e default_shell\n\nThe default user shell given to a user. Each resource can override this value\nwhich varies by platform. Generally speaking, the default value is\n`\"/bin/bash\"`.\n\n### \u003ca name=\"attributes-home-dir-mode\"\u003e\u003c/a\u003e home_dir_mode\n\nThe default Unix permissions applied to a user's home directory.\n\nThe default is `\"2755\"`.\n\n### \u003ca name=\"attributes-manage-home\"\u003e\u003c/a\u003e manage_home\n\nWhether of not to manage the home directory of a user by default. Each resource\ncan override this value. The are 2 valid states:\n\n* `\"true\"`, `true`, or `\"yes\"`: will manage the user's home directory.\n* `\"false\"`, `false`, or `\"no\"`: will not manage the user's home directory.\n\nThe default is `true`.\n\n### \u003ca name=\"attributes-non-unique\"\u003e\u003c/a\u003e non_unique\n\nWhether of not to allow the creation of a user account with a duplicate UID.\nEach resource can override this value. The are 2 valid states:\n\n* `\"true\"`, `true`, or `\"yes\"`: will allow duplicate UIDs.\n* `\"false\"`, `false`, or `\"no\"`: will not allow duplicate UIDs.\n\nThe default is `false`.\n\n### \u003ca name=\"attributes-create-user-group\"\u003e\u003c/a\u003e create_group\n\nWhether or not to to create a group with the same name as the user by default.\nEach resource can override this value. The are 2 valid states:\n\n* `\"true\"`, `true`, or `\"yes\"`: will create a group for the user by default.\n* `\"false\"`, `false`, or `\"no\"`: will not create a group for the user by default.\n\nThe default is `true`.\n\n### \u003ca name=\"attributes-ssh-keygen\"\u003e\u003c/a\u003e ssh_keygen\n\nWhether or not to generate an SSH keypair for the user by default. Each\nresource can override this value. There are 2 valid states:\n\n* `\"true\"`, `true`, or `\"yes\"`: will generate an SSH keypair when the account\n  is created.\n* `\"false\"`, `false`, or `\"no\"`: will not generate an SSH keypair when the account\n  is created.\n\nThe default is `true`.\n\n### \u003ca name=\"attributes-data-bag-name\"\u003e\u003c/a\u003e data_bag_name\n\nThe data bag name containing a group of user account information. This is used\nby the `data_bag` recipe to use as a database of user accounts.\n\nThe default is `\"users\"`.\n\n### \u003ca name=\"attributes-user-array-node-attr\"\u003e\u003c/a\u003e user_array_node_attr\n\nThe node attributes containing an array of users to be managed. If a nested\nhash in the node's attributes is required, then use a `/` between subhashes.\nFor example, if the users' array is stored in `node['system']['accounts']`),\nthen set `node['user']['user_array_node_attr']` to `\"system/accounts\"`.\n\nThe default is `\"users\"`.\n\n## \u003ca name=\"lwrps\"\u003e\u003c/a\u003e Resources and Providers\n\n### \u003ca name=\"lwrps-ua\"\u003e\u003c/a\u003e user_account\n\n**Note:** in order to use the `password` attribute, you must have the\n[ruby-shadow gem][ruby-shadow_gem] installed. On Debian/Ubuntu you can get\nthis by installing the \"libshadow-ruby1.8\" package.\n\n### \u003ca name=\"lwrps-ua-actions\"\u003e\u003c/a\u003e Actions\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAction\u003c/th\u003e\n      \u003cth\u003eDescription\u003c/th\u003e\n      \u003cth\u003eDefault\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ecreate\u003c/td\u003e\n      \u003ctd\u003e\n        Create the user, its home directory, \u003ccode\u003e.ssh/authorized_keys\u003c/code\u003e,\n        and \u003ccode\u003e.ssh/{id_rsa,id_rsa.pub}\u003c/code\u003e.\n      \u003c/td\u003e\n      \u003ctd\u003eYes\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eremove\u003c/td\u003e\n      \u003ctd\u003eRemove the user account.\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003emodify\u003c/td\u003e\n      \u003ctd\u003eModify the user account.\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003emanage\u003c/td\u003e\n      \u003ctd\u003eManage the user account.\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003elock\u003c/td\u003e\n      \u003ctd\u003eLock the user's password.\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eunlock\u003c/td\u003e\n      \u003ctd\u003eUnlock the user's password.\u003c/td\u003e\n      \u003ctd\u003e\u0026nbsp;\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### \u003ca name=\"lwrps-ua-attributes\"\u003e\u003c/a\u003e Attributes\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eAttribute\u003c/th\u003e\n      \u003cth\u003eDescription\u003c/th\u003e\n      \u003cth\u003eDefault Value\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eusername\u003c/td\u003e\n      \u003ctd\u003e\u003cb\u003eName attribute:\u003c/b\u003e The name of the user.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ecomment\u003c/td\u003e\n      \u003ctd\u003eGecos/Comment field.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003euid\u003c/td\u003e\n      \u003ctd\u003eThe numeric user id.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003egid\u003c/td\u003e\n      \u003ctd\u003eThe primary group id.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003egroups\u003c/td\u003e\n      \u003ctd\u003eArray of other groups this user should be a member of.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ehome\u003c/td\u003e\n      \u003ctd\u003eHome directory location.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e\"#{node['user']['home_root']}/#{username}\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eshell\u003c/td\u003e\n      \u003ctd\u003eThe login shell.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enode['user']['default_shell']\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epassword\u003c/td\u003e\n      \u003ctd\u003eShadow hash of password.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enil\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003esystem_user\u003c/td\u003e\n      \u003ctd\u003eWhether or not to create a system user.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003efalse\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003emanage_home\u003c/td\u003e\n      \u003ctd\u003eWhether or not to manage the home directory.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003etrue\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003enon_unique\u003c/td\u003e\n      \u003ctd\u003eWhether or not to allow the creation of a user account with a duplicate UID.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003efalse\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ecreate_group\u003c/td\u003e\n      \u003ctd\u003e\n        Whether or not to to create a group with the same name as the user.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enode['user']['create_group']\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003essh_keys\u003c/td\u003e\n      \u003ctd\u003e\n        A \u003cb\u003eString\u003c/b\u003e or \u003cb\u003eArray\u003c/b\u003e of SSH public keys to populate the\n        user's \u003ccode\u003e.ssh/authorized_keys\u003c/code\u003e file.\n      \u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e[]\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003essh_keygen\u003c/td\u003e\n      \u003ctd\u003eWhether or not to generate an SSH keypair for the user.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003enode['user']['ssh_keygen']\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003egroups\u003c/td\u003e\n      \u003ctd\u003eAn Array of groups to which to add the user.\u003c/td\u003e\n      \u003ctd\u003e\u003ccode\u003e[]\u003c/code\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n#### \u003ca name=\"lwrps-ua-examples\"\u003e\u003c/a\u003e Examples\n\n##### Creating a User Account\n\n    user_account 'hsolo' do\n      comment   'Han Solo'\n      ssh_keys  ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']\n      home      '/opt/hoth/hsolo'\n    end\n\n##### Creating and Locking a User Account\n\n    user_account 'lando' do\n      action  [:create, :lock]\n    end\n\n##### Removing a User account\n\n    user_account 'obiwan' do\n      action  :remove\n    end\n\n## \u003ca name=\"development\"\u003e\u003c/a\u003e Development\n\n* Source hosted at [GitHub][repo]\n* Report issues/Questions/Feature requests on [GitHub Issues][issues]\n\nPull requests are very welcome! Make sure your patches are well tested.\nIdeally create a topic branch for every separate change you make.\n\n## \u003ca name=\"license\"\u003e\u003c/a\u003e License and Author\n\nAuthor:: [Fletcher Nichol][fnichol] (\u003cfnichol@nichol.ca\u003e) [![endorse](http://api.coderwall.com/fnichol/endorsecount.png)](http://coderwall.com/fnichol)\n\nCopyright 2011, Fletcher Nichol\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n[berkshelf]:      http://berkshelf.com/\n[chef_repo]:    https://github.com/opscode/chef-repo\n[cheffile]:     https://github.com/applicationsonline/librarian/blob/master/lib/librarian/chef/templates/Cheffile\n[kgc]:          https://github.com/websterclay/knife-github-cookbooks#readme\n[librarian]:    https://github.com/applicationsonline/librarian#readme\n[ruby-shadow_gem]:  https://rubygems.org/gems/ruby-shadow\n\n[repo]:         https://github.com/fnichol/chef-user\n[issues]:       https://github.com/fnichol/chef-user/issues\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirebase%2Fchef-user","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffirebase%2Fchef-user","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirebase%2Fchef-user/lists"}