Configuration > Resources
user
Description
This resource manages a user on the client. Its main parameter is name.
Relationship to other resources
Users, as identified by the value of the name parameter, must be unique.
A user implicitly depends on group resources whose name parameter matches one of groups in the groups array. Since group membership is actually handled by the user resource, group resources must be processed after user resources.
Parameters
To declare a resource within the [[resources]] array as a user, set the type meta-parameter to user.
In addition to the meta-parameters listed in Resources, this table lists all resource-specific parameters:
| Name | TOML type | Description | Mandatory | Default |
|---|---|---|---|---|
ensure |
string |
Determines the desired state of the resource. One of:
| yes | present |
name |
string | Primary parameter. The unique name of the user. | yes | |
system |
boolean | Determines if the user is a system user. | yes | false |
comment |
string | An optional comment to attach to the database entry of this user. | no | |
shell |
string |
The path to the login shell of this user. Note that when this parameter is omitted, platform-dependent defaults may apply. |
no | |
home |
string | The home directory of this user. | no | /home/<name> |
password |
string | The password hash of this user. | no | ! (locked) |
expiry_date |
string |
The date at which the account should expire, in the format Note that when this parameter is omitted, platform-dependent defaults may apply. |
no | |
group |
string | The name of the user's primary group. | no | <name> |
groups |
string | The name of supplementary groups that the user should be a member of. | no |
Examples
Minimal
[[resources]]
type = "user"
name = "myuser"
Full
[[resources]]
type = "user"
ensure = "present"
name = "myuser"
system = true
comment = "Employee of the Year"
shell = "/bin/zsh"
home = "/home/myuser"
password = "$6$ugth6io4j7fQHBxh$oDr51KYqju5jMr/lCsYpAouzxOINxhyZhiSRH1220TOZ8VRMxxNaGXnv.JzH/XUN9oezau7sKqrBlcdQfqmGv0"
expiry_date = "2024-12-31" # you will be missed
group = "myuser"
groups = [ "ssh-login", "team-xyz" ]