On 11/25/21 21:24, Thomas Mueller wrote:
> at least it seems that save, that ansible
> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L625
> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L640-L643
>
> and puppet
> * https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb#L12
>
> are using it, when you specify "local=yes" or "forcelocal=true".

I suppose someone should file bug reports. luserdel probably could be used to confine actions to the local host, as long as ansible/puppet provided their own libuser.conf and set the LIBUSER_CONF to the path of that file...

hello fellow linux users,

thank you for your answers.

Gordon Messmer <gordon.messmer at gmail.com> writes:
> On 11/25/21 21:24, Thomas Mueller wrote:
>> at least it seems that save, that ansible
>> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L625
>> * https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/user.py#L640-L643
>>
>> and puppet
>> * https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/useradd.rb#L12
>>
>> are using it, when you specify "local=yes" or "forcelocal=true".
>
> I suppose someone should file bug reports. luserdel probably could be used
> to confine actions to the local host, as long as ansible/puppet provided
> their own libuser.conf and set the LIBUSER_CONF to the path of that
> file...

I attached the /etc/libuser.conf. Is it safe to use luserdel/lgroupdel with these settings (without affecting LDAP)?

modules = files shadow
-> The man page says "A list of module names to use when not creating user or group entries..."

How about if I disable networking so that the LDAP Server is not reachable (pingable) before running luserdel/lgroupdel? Would that be 100% safe?

Many Thanks and Best Regards!
--
Felix Natter

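A pre-flight check for the approach discussed in the two messages above, as an added example that is not part of the thread or of any project's code: it inspects the file that LIBUSER_CONF would point to and refuses to call luserdel unless `modules` and `create_modules` name only `files` and `shadow`. It assumes the usual libuser.conf layout with both keys in a `[defaults]` section; the function names and the sample files are hypothetical.

```shell
#!/bin/sh
# check_local_only FILE -> exit 0 only if [defaults] sets modules and
# create_modules explicitly and names nothing but files/shadow.
# Every problem found is printed on stdout.
check_local_only() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*\[/ {                            # section header such as [defaults]
            sect = $0
            sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
            next
        }
        sect == "defaults" && /^[ \t]*(create_)?modules[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]*/, "", key)
            seen[key] = 1
            list = $0; sub(/^[^=]*=/, "", list); gsub(/,/, " ", list)
            n = split(list, mod, " ")            # whitespace or comma separated
            for (i = 1; i <= n; i++)
                if (mod[i] != "files" && mod[i] != "shadow") {
                    printf "%s names non-local module: %s\n", key, mod[i]
                    bad = 1
                }
        }
        END {
            # A missing key means built-in defaults apply; reject instead of guessing.
            if (!seen["modules"])        { print "modules is not set"; bad = 1 }
            if (!seen["create_modules"]) { print "create_modules is not set"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# local_luserdel CONF USER: hypothetical wrapper, runs luserdel only after the check.
local_luserdel() {
    check_local_only "$1" || { echo "refusing: $1 is not local-only" >&2; return 1; }
    LIBUSER_CONF=$1 luserdel "$2"
}

# Constructed sample configurations (not the attachment from the thread).
tmp=$(mktemp -d)
printf '[defaults]\nmodules = files shadow\ncreate_modules = files shadow\n' > "$tmp/local.conf"
printf '[defaults]\nmodules = files shadow ldap\ncreate_modules = ldap\n' > "$tmp/ldap.conf"
printf '[defaults]\nmodules = files shadow\n' > "$tmp/partial.conf"
for f in local ldap partial; do
    if check_local_only "$tmp/$f.conf" >/dev/null; then echo "$f.conf: local only"
    else echo "$f.conf: rejected"; fi
done
```

The check covers only what the configuration file declares; it does not exercise luserdel itself.
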
On Thu, Nov 25, 2021 at 10:30:22PM -0800, Gordon Messmer wrote:
> I suppose someone should file bug reports. luserdel probably could
> be used to confine actions to the local host, as long as
> ansible/puppet provided their own libuser.conf and set the
> LIBUSER_CONF to the path of that file...

Yeah. But that's kind of silly. There's gotta be a better way.

https://github.com/ansible/ansible/issues/76376

--
Matthew Miller <mattdm at fedoraproject.org>
Fedora Project Leader

On 26/11/21 6:27 pm, Felix Natter wrote:
> How about if I disable networking so that the LDAP Server is not
> reachable (pingable) before running luserdel/lgroupdel? Would that be
> 100% safe?

Why not create a test user, that has similar settings to the real user account you are trying to affect, and test with it. Is it that hard to do?