Merge "Extend linux.user"
diff --git a/README.rst b/README.rst
index f46fc27..0b4e3dc 100644
--- a/README.rst
+++ b/README.rst
@@ -31,7 +31,10 @@
timezone: 'Europe/Prague'
utc: true
-Linux with system users, some with password set
+Linux with system users, some with password set:
+.. WARNING::
+If no 'password' variable has been passed - any predifined password
+will be removed.
.. code-block:: yaml
@@ -50,9 +53,22 @@
jsmith:
name: 'jsmith'
enabled: true
- full_name: 'Password'
+ full_name: 'With clear password'
home: '/home/jsmith'
- password: userpassword
+ hash_password: true
+ password: "userpassword"
+ mark:
+ name: 'mark'
+ enabled: true
+ full_name: "unchange password'
+ home: '/home/mark'
+ password: false
+ elizabeth:
+ name: 'elizabeth'
+ enabled: true
+ full_name: 'With hased password'
+ home: '/home/elizabeth'
+ password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
diff --git a/linux/system/user.sls b/linux/system/user.sls
index ef01605..fc64038 100644
--- a/linux/system/user.sls
+++ b/linux/system/user.sls
@@ -19,11 +19,17 @@
user.present:
- name: {{ name }}
- home: {{ user.home }}
- {%- if user.password is defined %}
- - password: {{ user.password }}
+ {% if user.get('password') == False %}
+ - enforce_password: false
+ {% elif user.get('password') == None %}
- enforce_password: true
+ - password: '*'
+ {% elif user.get('password') %}
+ - enforce_password: true
+ - password: {{ user.password }}
+ - hash_password: {{ user.get('hash_password', False) }}
+ {% endif %}
- gid_from_name: true
- {%- endif %}
{%- if user.groups is defined %}
- groups: {{ user.groups }}
{%- endif %}
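Review bot: The new `- password: {{ user.password }}` line renders the pillar value as an unquoted YAML scalar, which matters more now that `hash_password` invites clear-text passwords. A value containing ` #` is cut off at the comment marker, and one that looks like a number or boolean is re-typed before `user.present` sees it, so the account can end up with a different password than the operator intended. Render it through a quoting filter instead, e.g. `- password: {{ user.password|yaml_dquote }}`. Separately, the `== None` branch now enforces `password: '*'` for every user whose pillar has no `password` key, so existing deployments that relied on the old "not managed" behaviour will have those passwords replaced on the next run; `is none` would also be the more precise test than `== None`. The `user.present` state begins above this hunk and continues below it.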