Managing user groups under Linux with Puppet and Augeas.

I recently came across a situation where I needed to use Puppet to assign a specific combination of users to a group.

Under Linux, I could have done this simply by adding the users to the /etc/group file, or if it was a fixed set of groups, I could have used the Puppet user resource. The documentation says you can use the group type and add the members as described. However, the documentation has the caveat:

requires features manages_members

and that feature doesn't work on many versions of Linux.

One solution is to use Augeas. According to augeas.net:

Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files.

Puppet provides an augeas resource and using this, it becomes relatively simple to add an additional user to a specific group, using module code similar to:

1  augeas { "add_user_to_group":
2      context => "/files/etc/group/groupa",
3      changes => [
4          "set user[.='usera'] usera",
5      ],
6      require => Group['groupa'],
7  }

The lines above perform the following steps:

  • LINE 2: specify the context that we need. In this case, we're looking at the file /etc/group, specifically for a group groupa
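  • LINES 3-5: add usera as the last user assigned to the group. The path expression user[.='usera'] matches an existing usera entry if there is one, so the user is only added when it is not already a member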
  • LINE 6: ensure that the group groupa has been created before we try to make this change.

Thanks to Raphaël Pinson for pointing out a more elegant method of adding the user that ensured it didn't already exist.
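
The same change as a reusable defined type, written here as an added example rather than code from the original post; the group_member name, its parameters and the name pattern are assumptions. It goes beyond the single case above by also removing a member with rm, and it restricts the names that get interpolated into the Augeas path expression.

```puppet
# Added example: hypothetical defined type, not part of the original post.
# The name pattern is an assumed policy for local account names; it keeps
# quotes, brackets and slashes out of the Augeas path expression below.
define group_member (
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $user,
  Pattern[/\A[a-z_][a-z0-9_-]*\z/] $group,
  Enum['present', 'absent']        $ensure = 'present',
) {
  $change = $ensure ? {
    # Matches the existing entry if present, otherwise creates it last.
    'present' => "set user[.='${user}'] ${user}",
    # Removes the entry if present; does nothing when it is absent.
    'absent'  => "rm user[.='${user}']",
  }

  augeas { "group_member_${group}_${user}":
    # Load only /etc/group with the Group lens instead of every lens.
    incl    => '/etc/group',
    lens    => 'Group.lns',
    context => "/files/etc/group/${group}",
    changes => [$change],
    # The group entry must exist before its member list is edited.
    require => Group[$group],
  }
}

group { 'groupa':
  ensure => present,
}

group_member { 'usera in groupa':
  user  => 'usera',
  group => 'groupa',
}

# 'olduser' is a constructed sample name.
group_member { 'olduser not in groupa':
  ensure => absent,
  user   => 'olduser',
  group  => 'groupa',
}
```

Members not named in a group_member resource are left untouched, so this manages individual memberships rather than the complete member list of the group.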
