Absenting user in users module does not remove account from system
Closed, Resolved · Public

Description

Today I had to remove a user's shell access using the puppet module. While their keys were properly removed from /etc/ssh, their actual user account was still present on the system per "getent passwd".

I had to run userdel manually on the servers to force a removal of the user account. While removing their user account does not affect anything in this case (their public key was not present on the server), we may end up using services that only require the presence of a user account on the system (as we already do with mail accounts).

Event Timeline

Paladox triaged this task as Normal priority. May 28 2019, 13:21
John closed this task as Resolved. Mar 19 2020, 20:48
John claimed this task.
John added a subscriber: John.

The puppet resource should remove the user when set to absent - I tested this and it works.

root@puppet1:~# puppet apply --execute "user{ 'test': ensure => present }"
Notice: Compiled catalog for puppet1.miraheze.org in environment production in 0.02 seconds
Notice: /Stage[main]/Main/User[test]/ensure: created
Notice: Applied catalog in 0.09 seconds
root@puppet1:~# id test
uid=3002(test) gid=3003(test) groups=3003(test)
root@puppet1:~# puppet apply --execute "user{ 'test': ensure => absent }"
Notice: Compiled catalog for puppet1.miraheze.org in environment production in 0.01 seconds
Notice: /Stage[main]/Main/User[test]/ensure: removed
Notice: Applied catalog in 0.09 seconds
root@puppet1:~# id test
id: ‘test’: no such user
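
A check for the condition this task describes, as an added example (not part of the original task or of Miraheze's Puppet code): it reports users who were set to absent but still have a passwd entry, including no-login accounts that a service such as mail could still rely on. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts that should be absent but still resolve.
# Input is passwd(5)-format text, so the same check works on a snapshot of
# live data (getent passwd > snapshot) or on a copy taken from another host.

# leftover_accounts PASSWD_FILE USER...
# Prints one line per listed user that still has an entry: name:uid:shell
leftover_accounts() {
    passwd_file=$1
    shift
    for user in "$@"; do
        # Exact match on field 1 so "test" does not match "test2".
        awk -F: -v u="$user" '$1 == u { print $1 ":" $3 ":" $7 }' "$passwd_file"
    done
}

# Constructed sample data (not taken from any real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
test2:x:3004:3005::/home/test2:/bin/bash
olduser:x:3002:3003::/home/olduser:/bin/bash
mailonly:x:3010:3010::/nonexistent:/usr/sbin/nologin
EOF
}

# Runs the check on the sample: "test" and "gone" are really absent,
# "olduser" and "mailonly" were absented but their accounts remain.
demo_report() {
    tmp=$(mktemp)
    sample_passwd > "$tmp"
    leftover_accounts "$tmp" test olduser mailonly gone
    rm -f "$tmp"
}

demo_report
```

Any line of output is an account that survived being absented; an empty result matches the behaviour shown in the `puppet apply` test above.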