From 4fb52a7127d63bf2970473a2e4ca151c101be86a Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Wed, 15 Feb 2023 21:41:11 +0100
Subject: [PATCH] fix: lock unix users
---
 tasks/create_unix_user.yml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/tasks/create_unix_user.yml b/tasks/create_unix_user.yml
index 3af42e3..c633526 100644
--- a/tasks/create_unix_user.yml
+++ b/tasks/create_unix_user.yml
@@ -12,10 +12,9 @@
 create_home: "{{ unix_user.value.create_home | default(true) }}"
 home: "{{ user_user_home }}"
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
- password: "{{ (unix_user.value.password | password_hash('sha512')) | default('!') }}"
+ password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
 state: present
 when: unix_user.value.groups is not defined and unix_user.value.uid is not defined
- no_log: true

 - name: "Create unix user without additional groups and with uid: {{ unix_user.key }}"
 ansible.builtin.user:
@@ -26,10 +25,9 @@
 create_home: "{{ unix_user.value.create_home | default(true) }}"
 home: "{{ user_user_home }}"
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
- password: "{{ (unix_user.value.password | password_hash('sha512')) | default('!') }}"
+ password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
 state: present
 when: unix_user.value.groups is not defined and unix_user.value.uid is defined
- no_log: true

 - name: "Create unix user with additional groups and uid: {{ unix_user.key }}"
 ansible.builtin.user:
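Review bot: With `no_log: true` gone, nothing at task level keeps `unix_user.value.password` (apparently a plaintext password) out of registered results, verbose output or callback plugins for this task; the hunks at -26, -41 and -55 drop the same line from the other three user-creation tasks. The `user` module masks its own `password` argument, but task-level `no_log` is the broader guard and costs nothing here. The commit title only mentions locking users, so if the line was removed while debugging the template I would restore `no_log: true` under `when:` in all four tasks. The task bodies start above the hunk.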
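Review bot: `password_hash('sha512')` in the new `password:` expression is called without a salt, so each run should yield a different hash and the task will likely report `changed` and rewrite the stored hash every time; the same expression appears in all four tasks. Passing a stable per-user salt as the second argument, for example `password_hash('sha512', unix_user.value.salt)` with a hypothetical `salt` field stored next to the password, would make the task idempotent. Setting `update_password: on_create` is an alternative, but it would also stop the `'!'` lock value from being applied to accounts that already exist, which seems to be the purpose of this commit. The task body starts above the hunk.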
@@ -41,10 +39,9 @@
 create_home: "{{ unix_user.value.create_home | default(true) }}"
 home: "{{ user_user_home }}"
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
- password: "{{ (unix_user.value.password | password_hash('sha512')) | default('!') }}"
+ password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
 state: present
 when: unix_user.value.groups is defined and unix_user.value.uid is defined
- no_log: true

 - name: "Create unix user with additional groups and without uid: {{ unix_user.key }}"
 ansible.builtin.user:
@@ -55,10 +52,9 @@
 create_home: "{{ unix_user.value.create_home | default(true) }}"
 home: "{{ user_user_home }}"
 shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
- password: "{{ (unix_user.value.password | password_hash('sha512')) | default('!') }}"
+ password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
 state: present
 when: unix_user.value.groups is defined and unix_user.value.uid is not defined
- no_log: true

 - name: "Create .ssh directory for unix user: {{ unix_user.key }}"
 ansible.builtin.file: