Changes in user management:

  - Allow to specify primary gid for user
  - Use user.name field for setting linux username
  - Allow non-unique uids
  - Workaround file.directory bug for non-unique uids
  - Allow system users (Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID)

Author: horakmar

README.rst

@@ -69,6 +69,16 @@ Linux with system users, some with password set:
             full_name: 'With hased password'
             home: '/home/elizabeth'
             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
+          someserv:
+            name: 'someservice'
+            enabled: true
+            full_name: 'Some super service owner'
+            home: '/usr/lib/someservice'
+            home_dir_mode: 700
+            system:true
+            unique: false
+            uid: 0
+            gid: 0
 
 Configure sudo for users and groups under ``/etc/sudoers.d/``.
 This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

linux/system/user.sls

@@ -16,16 +16,16 @@ include:
 {%- endfor %}
 
 {%- if user.gid is not defined %}
-system_group_{{ name }}:
+system_group_{{ user.name }}:
   group.present:
-  - name: {{ name }}
+  - name: {{ user.name }}
   - require_in:
-    - user: system_user_{{ name }}
+    - user: system_user_{{ user.name }}
 {%- endif %}
 
-system_user_{{ name }}:
+system_user_{{ user.name }}:
   user.present:
-  - name: {{ name }}
+  - name: {{ user.name }}
   - home: {{ user.home }}
   {% if user.get('password') == False %}
   - enforce_password: false
@@ -37,7 +37,11 @@ system_user_{{ name }}:
   - password: {{ user.password }}
   - hash_password: {{ user.get('hash_password', False) }}
   {% endif %}
+  {%- if user.gid is defined %}
+  - gid: {{ user.gid }}
+  {%- else %}
   - gid_from_name: true
+  {%- endif %}
   {%- if user.groups is defined %}
   - groups: {{ user.groups }}
   {%- endif %}
@@ -47,53 +51,60 @@ system_user_{{ name }}:
   {%- else %}
   - shell: {{ user.get('shell', '/bin/bash') }}
   {%- endif %}
-  {%- if user.uid is defined and user.uid %}
+  {%- if user.uid is defined %}
   - uid: {{ user.uid }}
   {%- endif %}
+  {%- if user.unique is defined %}
+  - unique: {{ user.unique }}
+  {%- endif %}
   - require: {{ requires|yaml }}
 
 system_user_home_{{ user.home }}:
   file.directory:
   - name: {{ user.home }}
-  - user: {{ name }}
+  {%- if user.uid is defined and user.uid == 0 %}
+  - user: root
+  {%- else %}
+  - user: {{ user.name }}
+  {%- endif %}
   - mode: {{ user.get('home_dir_mode', 700) }}
   - makedirs: true
   - require:
-    - user: system_user_{{ name }}
+    - user: system_user_{{ user.name }}
 
 {%- if user.get('sudo', False) %}
 
-/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
+/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}:
   file.managed:
   - source: salt://linux/files/sudoer
   - template: jinja
   - user: root
   - group: root
   - mode: 440
   - defaults:
-    user_name: {{ name }}
+    user_name: {{ user.name }}
   - require:
-    - user: system_user_{{ name }}
+    - user: system_user_{{ user.name }}
   - check_cmd: /usr/sbin/visudo -c -f
 
 {%- else %}
 
-/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
+/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}:
   file.absent
 
 {%- endif %}
 
 {%- else %}
 
-system_user_{{ name }}:
+system_user_{{ user.name }}:
   user.absent:
-  - name: {{ name }}
+  - name: {{ user.name }}
 
 system_user_home_{{ user.home }}:
   file.absent:
   - name: {{ user.home }}
 
-/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
+/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}:
   file.absent
 
 {%- endif %}