{"id":14984561,"url":"https://github.com/sansible/users_and_groups","last_synced_at":"2025-06-11T14:38:38.874Z","repository":{"id":54098113,"uuid":"50594151","full_name":"sansible/users_and_groups","owner":"sansible","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-07T20:25:44.000Z","size":41,"stargazers_count":13,"open_issues_count":4,"forks_count":19,"subscribers_count":12,"default_branch":"develop","last_synced_at":"2025-04-10T21:32:48.682Z","etag":null,"topics":["ansible","ansible-role","ansible-roles"],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sansible.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-01-28T15:53:48.000Z","updated_at":"2020-10-07T17:36:15.000Z","dependencies_parsed_at":"2024-09-25T00:30:13.398Z","dependency_job_id":null,"html_url":"https://github.com/sansible/users_and_groups","commit_stats":{"total_commits":25,"total_committers":11,"mean_commits":2.272727272727273,"dds":0.64,"last_synced_commit":"15c087897a3294586b3af683ea68856134e5ff88"},"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansible%2Fusers_and_groups","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansible%2Fusers_and_groups/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansible%2Fusers_and_groups/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansible%2Fusers_and_groups/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sansible","download_url":"https://codeload.github.com/sansible/users_and_groups/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sansible%2Fusers_and_groups/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259280878,"owners_count":22833468,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","ansible-roles"],"created_at":"2024-09-24T14:09:16.343Z","updated_at":"2025-06-11T14:38:38.843Z","avatar_url":"https://github.com/sansible.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Users and Roles\n\nMaster: [![Build Status](https://travis-ci.org/sansible/users_and_groups.svg?branch=master)](https://travis-ci.org/sansible/users_and_groups)\nDevelop: [![Build Status](https://travis-ci.org/sansible/users_and_groups.svg?branch=develop)](https://travis-ci.org/sansible/users_and_groups)\n\n* [ansible.cfg](#ansible-cfg)\n* [Installation and Dependencies](#installation-and-dependencies)\n* [Tags](#tags)\n* [Examples](#examples)\n\nThis roles manages OS users and groups.\n\n\n## Installation and Dependencies\n\nThis role has no dependencies.\n\nTo install run `ansible-galaxy install sansible.users_and_groups` or add\nthis to your `roles.yml`\n\n```YAML\n- name: sansible.users_and_groups\n  version: v2.0\n```\n\nand run `ansible-galaxy install -p ./roles -r roles.yml`\n\n\n## Tags\n\nThis role uses two tags: **build** and **maintain**\n\n* `build` - Ensures that specified groups and users are present.\n* `maintain` - Ensures users on an already built and configured instance.\n\n\n## Examples\n\nSimple example for creating two users and two groups.\n\n```YAML\n- name: Configure User Access\n  hosts: sandbox\n\n  roles:\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_groups:\n        - name: lorem\n          system: yes\n        - name: ipsum\n      sansible_users_and_groups_users:\n        - name: lorem.ipsum\n          groups:\n            - ipsum\n            - lorem\n          ssh_key: ./lorem.ipsum.pub\n        - name: dolor.ament\n          groups:\n            - ipsum\n```\n\nCreating a jailed SFTP user\n(cf [here](https://wiki.archlinux.org/index.php/SFTP_chroot) for a\nstep-by-step guide):\n\n```YAML\n- name: Configure User Access\n  hosts: sandbox\n\n  roles:\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_authorized_keys_dir: /etc/ssh/authorized_keys\n      sansible_users_and_groups_groups:\n        - name: sftp_only\n      sansible_users_and_groups_users:\n        - name: sftp\n          group: sftp_only\n          home: /mnt/sftp_vol\n```\n\nIn most cases you would keep the list of users in external vars file or\ngroup|host vars file.\n\n```YAML\n- name: Configure User Access\n  hosts: sandbox\n\n  vars_files:\n    - \"vars/sandbox/users.yml\"\n\n  roles:\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_groups: \"{{ base_image.os_groups }}\"\n      sansible_users_and_groups_users: \"{{ base_image.admins }}\"\n\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_users: \"{{ developers }}\"\n```\n\nAdd selected group to sudoers\n\n```YAML\n- name: Configure User Access\n  hosts: sandbox\n\n  vars_files:\n    - \"vars/sandbox/users.yml\"\n\n  roles:\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_groups: \"{{ base_image.os_groups }}\"\n      sansible_users_and_groups_users: \"{{ base_image.admins }}\"\n\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_users: \"{{ developers }}\"\n\n    - name: sansible.users_and_groups\n      sansible_users_and_groups_sudoers:\n        - name: wheel\n          user: \"%wheel\"\n          runas: \"ALL=(ALL)\"\n          commands: \"NOPASSWD: ALL\"\n```\n\nUse whitelist groups option to allow users contextually.\n\nVar file with users:\n\n```YAML\n---\n\n# vars/users.yml\n\nsansible_users_and_groups_groups:\n  - name: admins\n  - name: developer_group_alpha\n  - name: developer_group_beta\nsansible_users_and_groups_users:\n  - name: admin.user\n    group: admins\n  - name: alpha.user\n    group: alpha_develops\n  - name: beta.user\n    group: developer_group_beta\n```\n\nIn a base image:\n\n```YAML\n---\n\n# playbooks/base_image.yml\n\n- name: Base Image\n  hosts: \"{{ hosts }}\"\n\n  vars_files:\n    - vars/users.yml\n\n  roles:\n    - role: sansible.users_and_groups\n      sansible_users_and_groups_whitelist_groups:\n        - admins\n\n    - role: base_image\n```\n\nIn a service role:\n\n```YAML\n---\n\n# playbooks/alpha_service.yml\n\n- name: Alpha Service\n  hosts: \"{{ hosts }}\"\n\n  vars_files:\n    - vars/users.yml\n\n  roles:\n    - role: sansible.users_and_groups\n      sansible_users_and_groups_whitelist_groups:\n        - admins\n        - developer_group_alpha\n\n    - role: alpha_service\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsansible%2Fusers_and_groups","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsansible%2Fusers_and_groups","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsansible%2Fusers_and_groups/lists"}