arillso.system.users role – Cross-platform user management

Note

This role is part of the arillso.system collection (version 0.0.36).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install arillso.system.

To use it in a playbook, specify: arillso.system.users.

Entry point create_user_linux – Linux user management

Synopsis

  • This role manages Linux users, their home directories, SSH keys, and file permissions based on OS-specific variables.

Parameters

Parameter

Comments

users_list

list / elements=dictionary / required

A list of users with their properties to be ensured on the system.

append

boolean

If true, additional groups are appended to the existing group list instead of replacing it.

Choices:

  • false

  • true

comment

string

The comment or full name for the user account. Optional, but recommended for clarity.

create_home

boolean

Determines if the home directory should be created if it does not exist. Default is true.

Choices:

  • false

  • true

expires

float

Account expiration time as an epoch timestamp. Optional.

force

boolean

Forces certain actions, such as overwriting an existing SSH key or removing an account.

Choices:

  • false

  • true

group

string

Primary group for the user. Optional, system default is used if not specified.

groups

list / elements=string

List of additional groups the user will be added to. Optional.

home

path

Home directory to create or manage. Optional if system default is used.

local

boolean

Use local commands for user management. Optional.

Choices:

  • false

  • true

login_class

string

Specifies the login class for the user (primarily BSD-specific). Optional.

move_home

boolean

Moves the user’s home directory if it already exists. Optional.

Choices:

  • false

  • true

password

string

Password for the user, optionally hashed. Recommended for security.

password_expire_account_disable

integer

Number of days after which the account is disabled once the password expires. Optional.

password_expire_max

integer

Maximum number of days between password changes (Linux only). Optional.

password_expire_min

integer

Minimum number of days between password changes (Linux only). Optional.

password_expire_warn

integer

Number of warning days before the password expires (Linux only). Optional.

password_lock

boolean

Specifies whether the password is locked. Optional.

Choices:

  • false

  • true

profile

string

Defines the user’s profile (primarily Solaris-specific). Optional.

remove

boolean

Removes the user and associated directories (only with state=absent). Optional.

Choices:

  • false

  • true

role

string

Specifies the role of the user (primarily Solaris-specific). Optional.

seuser

string

Sets the SELinux user type (only relevant on SELinux-enabled systems). Optional.

shell

string

The shell assigned to the user. Optional, defaults to system standard.

skeleton

string

Specifies a skeleton directory for the home directory. Requires create_home. Optional.

ssh_key_bits

integer

Number of bits for the generated SSH key. Optional, default depends on ssh-keygen.

ssh_key_comment

string

Comment to be added to the generated SSH key. Optional.

ssh_key_file

string

Path to the SSH key file (relative to the home directory).

ssh_key_generate

boolean

Indicates whether to generate SSH keys for the user. Default is false.

Choices:

  • false

  • true

ssh_key_passphrase

string

Passphrase for the generated SSH key. Optional.

system

boolean

Specifies if the user is a system account. Default is false.

Choices:

  • false

  • true

uid

integer

The numeric user id for the user. Optional for system-generated IDs.

uid_max

integer

Maximum allowed UID value (Linux-specific). Optional.

uid_min

integer

Minimum allowed UID value (Linux-specific). Optional.

umask

string

Sets the umask for the user (Linux only). Optional.

update_password

string

Determines whether to update the password if it differs from the current one. Optional.

username

string / required

The username of the account.

Entry point create_user_windows – Windows user management

Synopsis

  • This section manages Windows user accounts, setting properties, managing group memberships, and editing registry settings for user configurations.

Parameters

Parameter

Comments

users_list

list / elements=dictionary / required

A list of users with their properties to be ensured on the system.

append

boolean

If true, additional groups are appended to the existing group list instead of replacing it.

Choices:

  • false

  • true

comment

string

The comment or full name for the user account. Optional, but recommended for clarity.

create_home

boolean

Determines if the home directory should be created if it does not exist. Default is true.

Choices:

  • false

  • true

expires

float

Account expiration time as an epoch timestamp. Optional.

force

boolean

Forces certain actions, such as overwriting an existing SSH key or removing an account.

Choices:

  • false

  • true

group

string

Primary group for the user. Optional, system default is used if not specified.

groups

list / elements=string

List of additional groups the user will be added to. Optional.

home

path

Home directory to create or manage. Optional if system default is used.

local

boolean

Use local commands for user management. Optional.

Choices:

  • false

  • true

login_class

string

Specifies the login class for the user (primarily BSD-specific). Optional.

move_home

boolean

Moves the user’s home directory if it already exists. Optional.

Choices:

  • false

  • true

password

string

Password for the user, optionally hashed. Recommended for security.

password_expire_account_disable

integer

Number of days after which the account is disabled once the password expires. Optional.

password_expire_max

integer

Maximum number of days between password changes (Linux only). Optional.

password_expire_min

integer

Minimum number of days between password changes (Linux only). Optional.

password_expire_warn

integer

Number of warning days before the password expires (Linux only). Optional.

password_lock

boolean

Specifies whether the password is locked. Optional.

Choices:

  • false

  • true

profile

string

Defines the user’s profile (primarily Solaris-specific). Optional.

remove

boolean

Removes the user and associated directories (only with state=absent). Optional.

Choices:

  • false

  • true

role

string

Specifies the role of the user (primarily Solaris-specific). Optional.

seuser

string

Sets the SELinux user type (only relevant on SELinux-enabled systems). Optional.

shell

string

The shell assigned to the user. Optional, defaults to system standard.

skeleton

string

Specifies a skeleton directory for the home directory. Requires create_home. Optional.

ssh_key_bits

integer

Number of bits for the generated SSH key. Optional, default depends on ssh-keygen.

ssh_key_comment

string

Comment to be added to the generated SSH key. Optional.

ssh_key_file

string

Path to the SSH key file (relative to the home directory).

ssh_key_generate

boolean

Indicates whether to generate SSH keys for the user. Default is false.

Choices:

  • false

  • true

ssh_key_passphrase

string

Passphrase for the generated SSH key. Optional.

system

boolean

Specifies if the user is a system account. Default is false.

Choices:

  • false

  • true

uid

integer

The numeric user id for the user. Optional for system-generated IDs.

uid_max

integer

Maximum allowed UID value (Linux-specific). Optional.

uid_min

integer

Minimum allowed UID value (Linux-specific). Optional.

umask

string

Sets the umask for the user (Linux only). Optional.

update_password

string

Determines whether to update the password if it differs from the current one. Optional.

username

string / required

The username of the account.

Entry point main – Cross-platform user management

Synopsis

  • This role manages user accounts on both Linux and Windows systems.

  • It applies OS-specific configurations and handles user attributes, such as home directories, SSH keys, and permissions.

Parameters

Parameter

Comments

users_authorized_keys_exclusive

string

Whether to exclusively manage the ‘authorized_keys’ file. Default is ‘no’.

Default: "no"

users_group

string

Default primary group for users. Not set by default.

users_group_list

list / elements=dictionary / required

A list of users with their properties to be ensured on the system.

append

boolean

If true, additional groups are appended to the existing group list instead of replacing it.

Choices:

  • false

  • true

comment

string

The comment or full name for the user account. Optional, but recommended for clarity.

create_home

boolean

Determines if the home directory should be created if it does not exist. Default is true.

Choices:

  • false

  • true

expires

float

Account expiration time as an epoch timestamp. Optional.

force

boolean

Forces certain actions, such as overwriting an existing SSH key or removing an account.

Choices:

  • false

  • true

group

string

Primary group for the user. Optional, system default is used if not specified.

groups

list / elements=string

List of additional groups the user will be added to. Optional.

home

path

Home directory to create or manage. Optional if system default is used.

local

boolean

Use local commands for user management. Optional.

Choices:

  • false

  • true

login_class

string

Specifies the login class for the user (primarily BSD-specific). Optional.

move_home

boolean

Moves the user’s home directory if it already exists. Optional.

Choices:

  • false

  • true

password

string

Password for the user, optionally hashed. Recommended for security.

password_expire_account_disable

integer

Number of days after which the account is disabled once the password expires. Optional.

password_expire_max

integer

Maximum number of days between password changes (Linux only). Optional.

password_expire_min

integer

Minimum number of days between password changes (Linux only). Optional.

password_expire_warn

integer

Number of warning days before the password expires (Linux only). Optional.

password_lock

boolean

Specifies whether the password is locked. Optional.

Choices:

  • false

  • true

profile

string

Defines the user’s profile (primarily Solaris-specific). Optional.

remove

boolean

Removes the user and associated directories (only with state=absent). Optional.

Choices:

  • false

  • true

role

string

Specifies the role of the user (primarily Solaris-specific). Optional.

seuser

string

Sets the SELinux user type (only relevant on SELinux-enabled systems). Optional.

shell

string

The shell assigned to the user. Optional, defaults to system standard.

skeleton

string

Specifies a skeleton directory for the home directory. Requires create_home. Optional.

ssh_key_bits

integer

Number of bits for the generated SSH key. Optional, default depends on ssh-keygen.

ssh_key_comment

string

Comment to be added to the generated SSH key. Optional.

ssh_key_file

string

Path to the SSH key file (relative to the home directory).

ssh_key_generate

boolean

Indicates whether to generate SSH keys for the user. Default is false.

Choices:

  • false

  • true

ssh_key_passphrase

string

Passphrase for the generated SSH key. Optional.

system

boolean

Specifies if the user is a system account. Default is false.

Choices:

  • false

  • true

uid

integer

The numeric user id for the user. Optional for system-generated IDs.

uid_max

integer

Maximum allowed UID value (Linux-specific). Optional.

uid_min

integer

Minimum allowed UID value (Linux-specific). Optional.

umask

string

Sets the umask for the user (Linux only). Optional.

update_password

string

Determines whether to update the password if it differs from the current one. Optional.

username

string / required

The username of the account.

users_groups

list / elements=string

List of default secondary groups for users. Defaults to an empty list.

Default: []

users_home

path

Default home directory path for users. Default is ‘/home’.

Default: "/home"

users_home_mode

string

Default permissions for users’ home directories. Default is ‘0755’.

Default: "0755"

users_host_list

list / elements=dictionary / required

A list of users with their properties to be ensured on the system.

append

boolean

If true, additional groups are appended to the existing group list instead of replacing it.

Choices:

  • false

  • true

comment

string

The comment or full name for the user account. Optional, but recommended for clarity.

create_home

boolean

Determines if the home directory should be created if it does not exist. Default is true.

Choices:

  • false

  • true

expires

float

Account expiration time as an epoch timestamp. Optional.

force

boolean

Forces certain actions, such as overwriting an existing SSH key or removing an account.

Choices:

  • false

  • true

group

string

Primary group for the user. Optional, system default is used if not specified.

groups

list / elements=string

List of additional groups the user will be added to. Optional.

home

path

Home directory to create or manage. Optional if system default is used.

local

boolean

Use local commands for user management. Optional.

Choices:

  • false

  • true

login_class

string

Specifies the login class for the user (primarily BSD-specific). Optional.

move_home

boolean

Moves the user’s home directory if it already exists. Optional.

Choices:

  • false

  • true

password

string

Password for the user, optionally hashed. Recommended for security.

password_expire_account_disable

integer

Number of days after which the account is disabled once the password expires. Optional.

password_expire_max

integer

Maximum number of days between password changes (Linux only). Optional.

password_expire_min

integer

Minimum number of days between password changes (Linux only). Optional.

password_expire_warn

integer

Number of warning days before the password expires (Linux only). Optional.

password_lock

boolean

Specifies whether the password is locked. Optional.

Choices:

  • false

  • true

profile

string

Defines the user’s profile (primarily Solaris-specific). Optional.

remove

boolean

Removes the user and associated directories (only with state=absent). Optional.

Choices:

  • false

  • true

role

string

Specifies the role of the user (primarily Solaris-specific). Optional.

seuser

string

Sets the SELinux user type (only relevant on SELinux-enabled systems). Optional.

shell

string

The shell assigned to the user. Optional, defaults to system standard.

skeleton

string

Specifies a skeleton directory for the home directory. Requires create_home. Optional.

ssh_key_bits

integer

Number of bits for the generated SSH key. Optional, default depends on ssh-keygen.

ssh_key_comment

string

Comment to be added to the generated SSH key. Optional.

ssh_key_file

string

Path to the SSH key file (relative to the home directory).

ssh_key_generate

boolean

Indicates whether to generate SSH keys for the user. Default is false.

Choices:

  • false

  • true

ssh_key_passphrase

string

Passphrase for the generated SSH key. Optional.

system

boolean

Specifies if the user is a system account. Default is false.

Choices:

  • false

  • true

uid

integer

The numeric user id for the user. Optional for system-generated IDs.

uid_max

integer

Maximum allowed UID value (Linux-specific). Optional.

uid_min

integer

Minimum allowed UID value (Linux-specific). Optional.

umask

string

Sets the umask for the user (Linux only). Optional.

update_password

string

Determines whether to update the password if it differs from the current one. Optional.

username

string / required

The username of the account.

users_list

list / elements=dictionary / required

A list of users with their properties to be ensured on the system.

append

boolean

If true, additional groups are appended to the existing group list instead of replacing it.

Choices:

  • false

  • true

comment

string

The comment or full name for the user account. Optional, but recommended for clarity.

create_home

boolean

Determines if the home directory should be created if it does not exist. Default is true.

Choices:

  • false

  • true

expires

float

Account expiration time as an epoch timestamp. Optional.

force

boolean

Forces certain actions, such as overwriting an existing SSH key or removing an account.

Choices:

  • false

  • true

group

string

Primary group for the user. Optional, system default is used if not specified.

groups

list / elements=string

List of additional groups the user will be added to. Optional.

home

path

Home directory to create or manage. Optional if system default is used.

local

boolean

Use local commands for user management. Optional.

Choices:

  • false

  • true

login_class

string

Specifies the login class for the user (primarily BSD-specific). Optional.

move_home

boolean

Moves the user’s home directory if it already exists. Optional.

Choices:

  • false

  • true

password

string

Password for the user, optionally hashed. Recommended for security.

password_expire_account_disable

integer

Number of days after which the account is disabled once the password expires. Optional.

password_expire_max

integer

Maximum number of days between password changes (Linux only). Optional.

password_expire_min

integer

Minimum number of days between password changes (Linux only). Optional.

password_expire_warn

integer

Number of warning days before the password expires (Linux only). Optional.

password_lock

boolean

Specifies whether the password is locked. Optional.

Choices:

  • false

  • true

profile

string

Defines the user’s profile (primarily Solaris-specific). Optional.

remove

boolean

Removes the user and associated directories (only with state=absent). Optional.

Choices:

  • false

  • true

role

string

Specifies the role of the user (primarily Solaris-specific). Optional.

seuser

string

Sets the SELinux user type (only relevant on SELinux-enabled systems). Optional.

shell

string

The shell assigned to the user. Optional, defaults to system standard.

skeleton

string

Specifies a skeleton directory for the home directory. Requires create_home. Optional.

ssh_key_bits

integer

Number of bits for the generated SSH key. Optional, default depends on ssh-keygen.

ssh_key_comment

string

Comment to be added to the generated SSH key. Optional.

ssh_key_file

string

Path to the SSH key file (relative to the home directory).

ssh_key_generate

boolean

Indicates whether to generate SSH keys for the user. Default is false.

Choices:

  • false

  • true

ssh_key_passphrase

string

Passphrase for the generated SSH key. Optional.

system

boolean

Specifies if the user is a system account. Default is false.

Choices:

  • false

  • true

uid

integer

The numeric user id for the user. Optional for system-generated IDs.

uid_max

integer

Maximum allowed UID value (Linux-specific). Optional.

uid_min

integer

Minimum allowed UID value (Linux-specific). Optional.

umask

string

Sets the umask for the user (Linux only). Optional.

update_password

string

Determines whether to update the password if it differs from the current one. Optional.

username

string / required

The username of the account.

users_ssh_key_bits

integer

Default SSH key bit length for users. Default is 2048.

Default: 2048

users_ssh_key_type

string

Default SSH key type for users. Default is ‘rsa’.

Default: "rsa"
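
A playbook that combines the role-level defaults of the main entry point with per-user entries in users_list, added here as an illustration and not taken from the collection's own documentation. The inventory group, vault file, vault_* variables, account names and the deployers group are hypothetical; every role variable used is one documented above.

```yaml
---
# Added example, not part of the arillso.system collection.
# vault_* variables are hypothetical and are expected to live in an
# Ansible Vault-encrypted vars file, never in plain text in the repository.
- name: Ensure operator accounts with tightened defaults
  hosts: linux_servers            # hypothetical inventory group
  become: true
  vars_files:
    - vault.yml                   # hypothetical vault-encrypted file
  roles:
    - role: arillso.system.users
      vars:
        # Role-level defaults (main entry point)
        users_home_mode: "0750"   # documented default is "0755" (world-readable homes)
        users_ssh_key_type: "rsa" # documented default
        users_ssh_key_bits: 4096  # documented default is 2048
        # All three lists are marked required; unused ones are passed empty.
        users_group_list: []
        users_host_list: []
        users_list:
          - username: deploy
            comment: "Deployment service account"
            shell: /bin/bash
            groups:
              - deployers         # hypothetical group, must already exist
            append: true          # keep existing memberships, only add to them
            create_home: true
            umask: "0027"
            # Hash on the controller so the clear-text password never reaches
            # the target. A fixed salt (16 characters or fewer for sha512)
            # keeps the hash stable between runs, so the task stays idempotent.
            password: "{{ vault_deploy_password | password_hash('sha512', vault_deploy_password_salt) }}"
            password_expire_max: 90
            password_expire_min: 1
            password_expire_warn: 14
            ssh_key_generate: true
            ssh_key_file: .ssh/id_rsa   # relative to the home directory
            ssh_key_comment: "deploy@managed-host"
            ssh_key_passphrase: "{{ vault_deploy_key_passphrase }}"
          - username: backup
            comment: "Backup agent, no interactive login"
            system: true
            shell: /usr/sbin/nologin    # path differs between distributions
            create_home: false
            password_lock: true         # key- or sudo-only access, no password login
```

Run it with --ask-vault-pass or a vault password file so that the password and passphrase variables are decrypted only at run time.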