Difference between revisions of "Linux User Management"
Line 1: | Line 1: | ||
{{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Linux User Management |[[:Category:ITOM|Index]]}} | {{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Linux User Management |[[:Category:ITOM|Index]]}} | ||
[[File:Tux.svg.png|300px]] | [[File:Tux.svg.png|300px]] | ||
− | {{IntroAndLinks| | + | {{IntroAndLinks|A collection of operations to manage Linux User accounts |
− | + | | | |
− | | | ||
<!-- Related Links go here --> | <!-- Related Links go here --> | ||
:* [[IT_Operations_Management|IT Operations Management]] | :* [[IT_Operations_Management|IT Operations Management]] | ||
Line 9: | Line 8: | ||
:* [[Hornbill_KeySafe|KeySafe]] | :* [[Hornbill_KeySafe|KeySafe]] | ||
}} | }} | ||
+ | |||
==Target Environment Requirements== | ==Target Environment Requirements== | ||
Line 44: | Line 44: | ||
===Create User=== | ===Create User=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | Creates a Linux user account | + | Creates a Linux user account using the adduser command |
− | |||
− | |||
− | |||
− | |||
====Input Parameters==== | ====Input Parameters==== | ||
* <code>username</code> '''MANDATORY''' - | * <code>username</code> '''MANDATORY''' - | ||
+ | * <code>createHomeDirectory</code> '''MANDATORY''' - | ||
* <code>password</code> - | * <code>password</code> - | ||
* <code>comment</code> - | * <code>comment</code> - | ||
− | |||
* <code>loginShell</code> - | * <code>loginShell</code> - | ||
* <code>expiryDate</code> - | * <code>expiryDate</code> - | ||
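Review bot: The added createHomeDirectory parameter is marked MANDATORY but nothing follows the dash, so a job author cannot tell what values it accepts. Please add a description here and for the other parameters visible in this list (username, password, comment, loginShell, expiryDate), which are also blank; for password in particular, say what form the value takes.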
Line 78: | Line 74: | ||
===Delete User=== | ===Delete User=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | Delate a Linux user | + | Delate a Linux user account and optionally the user home folder and files. This operation uses the userdel command |
− | |||
− | |||
====Input Parameters==== | ====Input Parameters==== | ||
− | * <code>username</code> - Username | + | * <code>username</code> '''MANDATORY''' - Username |
* <code>RemoveFiles</code> '''MANDATORY''' - Force the removal of files | * <code>RemoveFiles</code> '''MANDATORY''' - Force the removal of files | ||
* <code>RemoveHome</code> '''MANDATORY''' - Remove home directory and mail spool | * <code>RemoveHome</code> '''MANDATORY''' - Remove home directory and mail spool | ||
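Review bot: The reworded description on the added line still starts with "Delate", the typo from the line it replaces; it should read "Delete a Linux user account ...". Since RemoveFiles and RemoveHome are both mandatory and destructive, the description could also say what each one removes and what is left on disk when it is turned off.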
Line 98: | Line 92: | ||
===User Details=== | ===User Details=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | Retrieve user details | + | Retrieve a user details from the passwd file |
====Input Parameters==== | ====Input Parameters==== | ||
Line 121: | Line 115: | ||
===Lock User=== | ===Lock User=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | + | Lock a users account using the usermod command | |
====Input Parameters==== | ====Input Parameters==== | ||
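Review bot: In the added line "Lock a users account using the usermod command", "users" needs an apostrophe ("user's"), and the text does not say what kind of lock is applied. A usermod password lock does not stop logins that use other credentials such as SSH keys, so the description should state whether the operation also expires the account.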
Line 135: | Line 129: | ||
===Unlock User=== | ===Unlock User=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | + | Unlock a users account using the usermod command | |
====Input Parameters==== | ====Input Parameters==== | ||
− | * <code>username</code> - | + | * <code>username</code> '''MANDATORY''' - |
====Output Parameters==== | ====Output Parameters==== | ||
Line 151: | Line 145: | ||
===Modify User=== | ===Modify User=== | ||
<div class="mw-collapsible-content"> | <div class="mw-collapsible-content"> | ||
− | + | Modify user account details using the usermod command | |
====Input Parameters==== | ====Input Parameters==== | ||
+ | * <code>username</code> '''MANDATORY''' - User login name | ||
* <code>MoveDir</code> '''MANDATORY''' - Move the contents of the home directory to the new location: HomeDirectory | * <code>MoveDir</code> '''MANDATORY''' - Move the contents of the home directory to the new location: HomeDirectory | ||
* <code>HomeDirectory</code> - Absolute Path to new Home Directory | * <code>HomeDirectory</code> - Absolute Path to new Home Directory | ||
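Review bot: MoveDir is MANDATORY and its description points at HomeDirectory, but HomeDirectory on the next line is optional. Document what the operation does when MoveDir is set and HomeDirectory is left empty, or state the dependency between the two explicitly.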
Line 166: | Line 161: | ||
* <code>NewLoginName</code> - Sets a new user name for the account | * <code>NewLoginName</code> - Sets a new user name for the account | ||
* <code>UserId</code> - Sets new User ID for the user account | * <code>UserId</code> - Sets new User ID for the user account | ||
− | |||
* <code>Cipher</code> - | * <code>Cipher</code> - | ||
Revision as of 07:15, 8 September 2021
Introduction
A collection of operations to manage Linux User accounts
Target Environment Requirements
Credentials
Except for the Is Package Installed operation, accounts used when executing jobs against operations contained within this package must adhere to the following requirements:
- The target machine must have a local admin user that will be used for running the operations;
- SSH Remote Login must be enabled for the above user;
- Configuration for the user must be added to the sudoers file on the target machine, to allow the above user to sudo without a password (example: someadminuser ALL = (ALL) NOPASSWD:ALL).
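An added example, not part of the package or its documentation: the passwordless rule from the requirement above next to a narrower rule limited to the commands this page names (adduser, userdel, usermod). The drop-in file name, the /usr/sbin paths, the log path and the assumption that the package invokes nothing else through sudo are all assumptions; run the package's operations against a test machine before relying on the narrower rule.

```sudoers
# /etc/sudoers.d/itom-user-mgmt   (assumed file name)
# Edit with:   visudo -f /etc/sudoers.d/itom-user-mgmt
# Check with:  visudo -c -f /etc/sudoers.d/itom-user-mgmt

# Rule given on this page: any command, as any user, without a password.
# someadminuser ALL = (ALL) NOPASSWD:ALL

# Record each sudo invocation by this account in a dedicated log (assumed path).
Defaults:someadminuser logfile=/var/log/sudo-itom.log

# Narrower rule. Assumption: the package only calls the tools this page names.
# Confirm the paths on the target with: command -v adduser userdel usermod
Cmnd_Alias ITOM_USER_MGMT = /usr/sbin/adduser, /usr/sbin/userdel, /usr/sbin/usermod

# Run only those tools, only as root, without a password prompt.
someadminuser ALL = (root) NOPASSWD: ITOM_USER_MGMT

# User Details reads the passwd file, which is world-readable and needs no sudo.
# adduser and usermod can still change any local account, so this account
# remains privileged and its KeySafe key should be protected accordingly.
```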
KeySafe Configuration
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges on the target.
To configure your Target Machine account authentication in KeySafe:
- In the Admin console, navigate to: System > Security > KeySafe;
- Click on + then select Username + Password;
- Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
- Optionally add a description;
- Populate the Username field with the domain/local account username for the account being used on the target machine;
- Populate the Password field with the password for the above account;
- Select Create Key to save.
Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.
Package Operations
The Linux User Management package contains the following operations, which can be used to create ITOM Jobs directly or included in your Business Processes and/or IT Operations Management Runbooks.
Create User
Creates a Linux user account using the adduser command
Input Parameters
- username MANDATORY
- createHomeDirectory MANDATORY
- password
- comment
- loginShell
- expiryDate
- primaryGroup
- SupplementaryGroups
- homeDirectoryLocation
- Cipher
Output Parameters
- Username
- UserId
- Comment
- HomeDirectory
- Groups
- outcome MANDATORY - The outcome of the operation (OK/FAIL)
- errors - Any errors returned by the operation
Delete User
Delete a Linux user account and, optionally, the user's home folder and files. This operation uses the userdel command.
Input Parameters
- username MANDATORY - Username
- RemoveFiles MANDATORY - Force the removal of files
- RemoveHome MANDATORY - Remove home directory and mail spool
Output Parameters
- outcome MANDATORY - The outcome of the operation (OK/FAIL)
- errors - Any errors returned by the operation
User Details
Retrieve a user's details from the passwd file
Input Parameters
- username MANDATORY
Output Parameters
- UserName
- UserId
- GroupId
- Comment
- HomeDirectory
- Shell
- SupplementaryGroups
- outcome MANDATORY - The outcome of the operation (OK/FAIL)
- errors - Any errors returned by the operation
Lock User
Lock a user's account using the usermod command
Input Parameters
- username MANDATORY
Output Parameters
No output parameters
Unlock User
Unlock a user's account using the usermod command
Input Parameters
- username MANDATORY
Output Parameters
- outcome MANDATORY - The outcome of the operation (OK/FAIL)
- errors - Any errors returned by the operation
Modify User
Modify user account details using the usermod command
Input Parameters
- username MANDATORY - User login name
- MoveDir MANDATORY - Move the contents of the home directory to the new location: HomeDirectory
- HomeDirectory - Absolute path to new home directory
- Password - User's new password
- Comment - GECOS field
- LoginShell - Specifies the user's login shell
- GroupName - New primary group name
- SuppGroupNames - Comma-separated list of group names
- AccountExpiry - Expiry date format = yyyy-mm-dd
- ExpiryDays - Number of days after password expiry until the account is disabled.
- NewLoginName - Sets a new user name for the account
- UserId - Sets new User ID for the user account
- Cipher
Output Parameters
- Username
- UserId
- Comment
- HomeDirectory
- Groups
- outcome MANDATORY - The outcome of the operation (OK/FAIL)
- errors - Any errors returned by the operation