This user "cherryshoe_admin" is only used after I log into the system as myself first with "cherryshoe", and then switch to this user to perform certain tasks such as running application services. Because the "cherryshoe_admin" user is meant to have no password, the ansible user module creates the user "cherryshoe_admin" with no login shell.
Environment:
control node OS - CentOS Linux release 7.3.1611 (Core)
control node ansible - 2.9.18
managed nodes OS - RHEL 7 (with SELinux as Enforcing)
Original ansible tasks:
- name: set up project group cherryshoe_admin
group:
name: "cherryshoe_admin"
state: present
- name: set up project user cherryshoe_admin.
user: name='cherryshoe_admin' group='cherryshoe_admin'
This exclamation points after the username show that the user is locked and "cherryshoe" is unable to su login to "cherryshoe_admin":
$ sudo cat /etc/shadow | grep cherryshoe_admin
cherryshoe_admin:!!:18739:0:99999:7:::
To fix the problem, added additional new task to explicitly force no password for user "cherryshoe_admin":
# cherryshoe_admin needs to have a login shell for su purposes, so unlock account
- block:
- name: unlock cherryshoe_admin user account for su purposes with no password
shell: passwd -u cherryshoe_admin -f
This shows that the user is not locked:
$ sudo cat /etc/shadow | grep cherryshoe_admin
cherryshoe_admin::18739:0:99999:7:::
As my user "cherryshoe", am now able to "su cherryshoe_admin" without a password.
P.S. I also tried using the ansible user module to create the user with a default shell and empty password, but it creates the user as locked:
- name: set up project user cherryshoe_admin.
user: name='cherryshoe_admin' group='cherryshoe_admin' shell=/bin/bash password=""
No comments:
Post a Comment
I appreciate your time in leaving a comment!