Don't create default user group by default

	- If not enabled, do not create default user group with
	  the name of the user
	- Add the user to the default group if it's already present
	  in the system (keep backward compatibility)
	- If default group not defined and it's not present, add
	  user to 'nogroup' group

Fixes: PROD-32907

Change-Id: I8e2d1fc84d328552b7c5410a72c7ea78a5c420f1
diff --git a/linux/map.jinja b/linux/map.jinja
index f9b9ea0..44cacc1 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -32,6 +32,7 @@
         'utc': true,
         'user': {},
         'group': {},
+        'create_default_group_for_user': false,
         'job': {},
         'limit': {},
         'locale': {},
diff --git a/linux/system/user.sls b/linux/system/user.sls
index ca95c34..f1fd6e4 100644
--- a/linux/system/user.sls
+++ b/linux/system/user.sls
@@ -1,6 +1,8 @@
 {%- from "linux/map.jinja" import system with context %}
 {%- if system.enabled %}
 
+{%- set existing_groups = salt['group.getent']() %}
+
 include:
   - linux.system.group
 
@@ -28,11 +30,13 @@
       {%- endfor %}
 
       {%- if user.gid is not defined %}
+        {%- if name not in existing_groups|map(attribute="name") and system.get('create_default_group_for_user', False) %}
 system_group_{{ name }}:
   group.present:
   - name: {{ name }}
   - require_in:
     - user: system_user_{{ name }}
+        {%- endif %}
       {%- endif %}
 
 system_user_{{ name }}:
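Review bot: The `name not in existing_groups|map(attribute="name")` test uses a snapshot taken by `salt['group.getent']()` at render time, before any state in this run executes. A same-named group that the included `linux.system.group` state creates during the run is therefore not in the list. On a first run such a user would presumably fall through to the fixed gid in the later `elif`/`else` hunk, then switch to `gid_from_name` on the next run, so the primary group differs between runs. I would note this next to the `set`, e.g. `{#- evaluated at render time: groups created during this run are not listed #}`, and compute the names once with `{%- set existing_group_names = salt['group.getent']()|map(attribute='name')|list %}` so both conditions test the same list. The enclosing user loop starts outside this hunk.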
@@ -51,8 +55,10 @@
       {% endif %}
       {%- if user.gid is defined and user.gid %}
   - gid: {{ user.gid }}
-      {%- else %}
+      {%- elif name in existing_groups|map(attribute="name") or system.get('create_default_group_for_user', False) %}
   - gid_from_name: true
+      {%- else %}
+  - gid: 65534
       {%- endif %}
       {%- if user.groups is defined %}
   - groups: {{ user.groups }}
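Review bot: The fallback `- gid: 65534` hard-codes a number that is 'nogroup' on Debian-family systems but is not guaranteed to exist, or to carry that name, on other distributions this formula may target. Every user created through this branch also shares one primary group with whatever else runs under that gid, so group-readable or group-writable files are exposed across otherwise unrelated accounts. I would read the value from the map instead of using the literal, for example `- gid: {{ system.get('default_user_gid', 65534) }}` (key name is only a suggestion), with a per-OS default in `map.jinja`. A comment on the `else` branch should say that the shared group is a deliberate fallback, not an isolation boundary.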
@@ -132,3 +138,4 @@
     {%- endif %}
   {%- endfor %}
 {%- endif %}
+                                               
\ No newline at end of file