Difference between revisions of "Linux User Management"

From Hornbill
Jump to navigation Jump to search
Line 1: Line 1:
 
{{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Linux User Management |[[:Category:ITOM|Index]]}}
 
{{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Linux User Management |[[:Category:ITOM|Index]]}}
 
[[File:Tux.svg.png|300px]]
 
[[File:Tux.svg.png|300px]]
{{IntroAndLinks|
+
{{IntroAndLinks|A collection of operations to manage Linux User accounts
The Linux User Management package for Hornbill's IT Operations Management (ITOM) provides a number of administrative operations that can be carried out on user accounts located on your behind-the-firewall Linux Servers.
+
|
|  
 
 
<!-- Related Links go here -->
 
<!-- Related Links go here -->
 
:* [[IT_Operations_Management|IT Operations Management]]
 
:* [[IT_Operations_Management|IT Operations Management]]
Line 9: Line 8:
 
:* [[Hornbill_KeySafe|KeySafe]]
 
:* [[Hornbill_KeySafe|KeySafe]]
 
}}
 
}}
 +
 
==Target Environment Requirements==
 
==Target Environment Requirements==
  
Line 44: Line 44:
 
===Create User===
 
===Create User===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
Creates a Linux user account
+
Creates a Linux user account using the adduser command
 
 
Generic  executes on ubuntu centos debian
 
 
 
Oracle SunOS fails if attempt to set password this needs to be done in a separate operation
 
  
 
====Input Parameters====
 
====Input Parameters====
  
 
* <code>username</code> '''MANDATORY''' -   
 
* <code>username</code> '''MANDATORY''' -   
 +
* <code>createHomeDirectory</code> '''MANDATORY''' - 
 
* <code>password</code> -   
 
* <code>password</code> -   
 
* <code>comment</code> -   
 
* <code>comment</code> -   
* <code>createHomeDirectory</code> '''MANDATORY''' - 
 
 
* <code>loginShell</code> -   
 
* <code>loginShell</code> -   
 
* <code>expiryDate</code> -   
 
* <code>expiryDate</code> -   
Line 78: Line 74:
 
===Delete User===
 
===Delete User===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
Delate a Linux user
+
Delate a Linux user account and optionally the user home folder and files.  This operation uses the userdel command
 
 
Solaris does not support the -r or -f
 
  
 
====Input Parameters====
 
====Input Parameters====
  
* <code>username</code> - Username  
+
* <code>username</code> '''MANDATORY''' - Username  
 
* <code>RemoveFiles</code> '''MANDATORY''' - Force the removal of files  
 
* <code>RemoveFiles</code> '''MANDATORY''' - Force the removal of files  
 
* <code>RemoveHome</code> '''MANDATORY''' - Remove home directory and mail spool  
 
* <code>RemoveHome</code> '''MANDATORY''' - Remove home directory and mail spool  
Line 98: Line 92:
 
===User Details===
 
===User Details===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
Retrieve user details
+
Retrieve a user details from the passwd file
  
 
====Input Parameters====
 
====Input Parameters====
Line 121: Line 115:
 
===Lock User===
 
===Lock User===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
Not supported on Solaris
+
Lock a users account using the usermod command
  
 
====Input Parameters====
 
====Input Parameters====
Line 135: Line 129:
 
===Unlock User===
 
===Unlock User===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
Not supported on Solaris
+
Unlock a users account using the usermod command
  
 
====Input Parameters====
 
====Input Parameters====
  
* <code>username</code> -   
+
* <code>username</code> '''MANDATORY''' -   
  
 
====Output Parameters====
 
====Output Parameters====
Line 151: Line 145:
 
===Modify User===
 
===Modify User===
 
<div class="mw-collapsible-content">
 
<div class="mw-collapsible-content">
 
+
Modify user account details using the usermod command
  
 
====Input Parameters====
 
====Input Parameters====
  
 +
* <code>username</code> '''MANDATORY''' - User login name
 
* <code>MoveDir</code> '''MANDATORY''' - Move the contents of the home directory to the new location:  HomeDirectory  
 
* <code>MoveDir</code> '''MANDATORY''' - Move the contents of the home directory to the new location:  HomeDirectory  
 
* <code>HomeDirectory</code> - Absolute Path to new Home Directory  
 
* <code>HomeDirectory</code> - Absolute Path to new Home Directory  
Line 166: Line 161:
 
* <code>NewLoginName</code> - Sets a new user name for the account  
 
* <code>NewLoginName</code> - Sets a new user name for the account  
 
* <code>UserId</code> - Sets new User ID for the user account  
 
* <code>UserId</code> - Sets new User ID for the user account  
* <code>username</code> '''MANDATORY''' - User login name
 
 
* <code>Cipher</code> -   
 
* <code>Cipher</code> -   
  

Revision as of 07:15, 8 September 2021

Home > Administration > IT Operations Management > ITOM Package Library > Linux User Management Index

Tux.svg.png

Introduction

A collection of operations to manage Linux User accounts

Related Articles

Target Environment Requirements

Credentials

Except for the Is Package Installed operation, Accounts used when executing jobs against operations contained within this package must adhere to the following requirements:

  • The target machine must have a local admin user that will be used for running the operations;
  • SSH Remote Login must be enabled for the user above user
  • Configuration for the user must be added to the sudoers file on the target machine, to allow the above user to sudo without a password (example: __someadminuser ALL = (ALL) NOPASSWD:ALL__).

KeySafe Configuration

Itomtarget keysafe.png

When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges on the target.

To configure your Target Machine account authentication in KeySafe:

  • In the Admin console, navigate to: System > Security > KeySafe;
  • Click on + then select Username + Password;
  • Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
  • Optionally add a description;
  • Populate the Username field with the domain/local account username for the account being used on the target machine;
  • Populate the Password field with the password for the above account;
  • Select Create Key to save.

Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.

Package Operations

The Linux User Management package contains the following operations, than can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Runbooks.


Create User

Creates a Linux user account using the adduser command

Input Parameters

  • username MANDATORY -
  • createHomeDirectory MANDATORY -
  • password -
  • comment -
  • loginShell -
  • expiryDate -
  • primaryGroup -
  • SupplementaryGroups -
  • homeDirectoryLocation -
  • Cipher -

Output Parameters

  • Username
  • UserId
  • Comment
  • HomeDirectory
  • Groups
  • outcome MANDATORY The outcome of the operation (OK/FAIL)
  • errors Any errors returned by the operation

Delete User

Delate a Linux user account and optionally the user home folder and files. This operation uses the userdel command

Input Parameters

  • username MANDATORY - Username
  • RemoveFiles MANDATORY - Force the removal of files
  • RemoveHome MANDATORY - Remove home directory and mail spool

Output Parameters

  • outcome MANDATORY The outcome of the operation (OK/FAIL)
  • errors Any errors returned by the operation

User Details

Retrieve a user details from the passwd file

Input Parameters

  • username MANDATORY -

Output Parameters

  • UserName
  • UserId
  • GroupId
  • Comment
  • HomeDirectory
  • Shell
  • SupplementaryGroups
  • outcome MANDATORY The outcome of the operation (OK/FAIL)
  • errors Any errors returned by the operation

Lock User

Lock a users account using the usermod command

Input Parameters

  • username MANDATORY -

Output Parameters

No output parameters

Unlock User

Unlock a users account using the usermod command

Input Parameters

  • username MANDATORY -

Output Parameters

  • outcome MANDATORY The outcome of the operation (OK/FAIL)
  • errors Any errors returned by the operation

Modify User

Modify user account details using the usermod command

Input Parameters

  • username MANDATORY - User login name
  • MoveDir MANDATORY - Move the contents of the home directory to the new location: HomeDirectory
  • HomeDirectory - Absolute Path to new Home Directory
  • Password - Users new password
  • Comment - GCEOS field
  • LoginShell - Specifies the users login shell
  • GroupName - New Primary Group name
  • SuppGroupNames - Comma Separated list of group names
  • AccountExpiry - Expiry date format = yyyy-mm-dd
  • ExpiryDays - Number of days after password expiry until the account is disabled.
  • NewLoginName - Sets a new user name for the account
  • UserId - Sets new User ID for the user account
  • Cipher -

Output Parameters

  • Username
  • UserId
  • Comment
  • HomeDirectory
  • Groups
  • outcome MANDATORY The outcome of the operation (OK/FAIL)
  • errors Any errors returned by the operation
Retrieved from "https://wiki.hornbill.com/index.php?title=Linux_User_Management&oldid=27476"