-2

I'm new to Chef. Kindly help! I have tried this:

user "newuser" do
  password: xyz
end

and

user 'newuser' do
  comment 'A random user'
  uid '1234567'
  gid '1234567'
  home '/home/saxuser'
  shell '/bin/bash'
  password 'newpassword'
end 
StephenKing
  • `user 'newuser' do comment 'A random user' uid '1234567' gid '1234567' home '/home/saxuser' shell '/bin/bash' password 'newpassword' end` ~ Also tried this... and it's not working. Where am I going wrong? – Shesh Kumar Bhombore Jan 15 '16 at 09:38
  • 1
    Welcome to stackoverflow. I've updated your question. Please also include the error that you are encountering. "Does not work" is not a good error description. – StephenKing Jan 15 '16 at 10:24

1 Answer

3

The correct format for the user resource is the following:

user "newuser" do
  password crypt_password
end

Keep in mind that the password must be in shadow format:

The password shadow hash. This property requires that ruby-shadow be installed. This is part of the Debian package: libshadow-ruby1.8.

See the Password Shadow Hash section to see how to generate the shadow password:

$ openssl passwd -1 "theplaintextpassword"

To generate the shadow password from the cookbook, you can use the openssl cookbook helpers to generate the salt:

Chef::Recipe.send(:include, OpenSSLCookbook::RandomPassword)

password = 'xyz'
salt = random_password(length: 10)
crypt_password = password.crypt("$6$#{salt}")

user 'newuser' do
  password crypt_password
end

Don't forget to include the openssl cookbook in your run list.

Anyway, keep in mind that this will generate a different salt in each chef run, so maybe it's not the best approach to use.

I also encourage you to read Noah's post about secrets management to learn appropriate ways to manage passwords with Chef.

zuazo
  • That is what I did.... :( No positive result. I'm getting "Authentication Failure" in the node! – Shesh Kumar Bhombore Jan 15 '16 at 09:45
  • I think that your problem is that the password must be in shadow format. – zuazo Jan 15 '16 at 09:54
  • Thanks for your answer. Is it possible to give a generic example? – Shesh Kumar Bhombore Jan 15 '16 at 10:10
  • OK. I added an example to generate the shadow password from a recipe. – zuazo Jan 15 '16 at 10:59
  • Setting a random password seems like an odd thing to do. Just set no password and the user will be created without one. – coderanger Jan 15 '16 at 19:56
  • Maybe I'm wrong, but I think he wants to create the user with a specific password and that's the problem. Either way, in the example I'm using a random salt, not a random password. But I agree it's not good practice :-( – zuazo Jan 15 '16 at 20:06
  • @zuazo I'm getting this error :( "Recipe Compile Error in /var/chef/cache/cookbooks/users/recipes/default.rb" NameError 192.168.108.138 --------- 192.168.108.138 uninitialized constant Chef::Recipe::OpenSSLCookbook – Shesh Kumar Bhombore Jan 19 '16 at 08:39
  • Maybe you are using a `< 4` version of the openssl cookbook. Those libraries have been renamed multiple times. Try using `Chef::OpenSSL::Password` and `secure_password` instead. See the documentation of the openssl cookbook version you are using. – zuazo Jan 19 '16 at 08:47
  • @zuazo Your solution worked! But the thing is .bashrc and .profile files are missing in my node when I log in as the "new user" :-/ – Shesh Kumar Bhombore Jan 27 '16 at 07:10
  • Try passing `supports manage_home: true` to the `user` resource. From [the documentation](https://docs.chef.io/resource_user.html#properties): *When created, a skeleton set of files and sub-directories is also created in the home directory.* – zuazo Jan 27 '16 at 13:10
  • Thanks @zuazo Should I add that line in recipe/default.rb file ?? – Shesh Kumar Bhombore Jan 27 '16 at 13:15
  • Yes, see [the documentation examples](https://docs.chef.io/resource_user.html#examples). You need to add it inside the `user` resource: `user 'newuser' do supports manage_home: true [...] end`. – zuazo Jan 27 '16 at 13:27
  • @zuazo Thanks... We tried that but still no positive result. We are not getting the .bashrc and .profile files :( – Shesh Kumar Bhombore Jan 27 '16 at 13:31
  • Check if you have them in your skeleton directory (`/etc/skel`). Also note that this only works when the user does not exist when running the `user` resource. I mean, in the first chef run that creates the user. It's not updated after that. If nothing works, what platform are you on? It may be a bug. – zuazo Jan 27 '16 at 13:49
  • Hi @zuazo I'm trying to append lines in the .bashrc file. I'm using this "ruby block". It's working, but the thing is if I bootstrap the node, the same line is being added AGAIN..!! How can I omit that? Here is the code: `ruby_block "insert_path_to_bash" do block do file = Chef::Util::FileEdit.new("/home/cent/.bashrc_bkp") file.insert_line_if_no_match("/export PATH=$JAVA_HOME/bin:$PATH/","export PATH=$JAVA_HOME/bin:$PATH") file.write_file end end` – Shesh Kumar Bhombore Feb 08 '16 at 08:15
  • @SheshKumarBhombore this has nothing to do with the original question. I recommend you open a new question. – zuazo Feb 08 '16 at 09:00
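
Added example, not part of the original answer or of the openssl cookbook: one way to avoid the salt changing on every Chef run, as the answer warns, is to reuse the salt of the hash already stored for the user whenever that hash still matches the password. The helper names are hypothetical, and `String#crypt` is assumed to run on a platform whose crypt(3) supports `$6$` (SHA-512), as glibc does.

```ruby
require 'securerandom'

# Characters allowed in a crypt(3) salt.
SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze
SALT_RE = /\A[A-Za-z0-9.\/]{1,16}\z/
# "$6$<salt>$<86 chars>"; hashes with a "rounds=" field are deliberately not
# matched and are treated as "needs a new hash".
HASH_RE = /\A\$6\$([A-Za-z0-9.\/]{1,16})\$[A-Za-z0-9.\/]{86}\z/

# Build a SHA-512 crypt shadow hash for the given password and salt.
def shadow_hash(password, salt)
  raise ArgumentError, 'invalid salt' unless salt =~ SALT_RE
  hash = password.crypt("$6$#{salt}$")
  # Platforms without $6$ support silently fall back to another scheme.
  raise 'crypt(3) lacks SHA-512 support' unless hash.to_s.start_with?("$6$#{salt}$")
  hash
end

# Generate a fresh random salt from a CSPRNG.
def new_salt(length = 16)
  Array.new(length) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
end

# True when `password` re-hashed with the salt embedded in `current_hash`
# reproduces `current_hash`.
def shadow_hash_matches?(password, current_hash)
  m = HASH_RE.match(current_hash.to_s)
  return false unless m
  shadow_hash(password, m[1]) == current_hash
end

# Return the existing hash untouched when it already encodes the password,
# so the user resource sees no change; otherwise hash with a new salt.
# `current_hash` is assumed to be read from the node's shadow entry
# (nil when the user does not exist yet).
def idempotent_shadow_hash(password, current_hash)
  return current_hash if shadow_hash_matches?(password, current_hash)
  shadow_hash(password, new_salt)
end

# Constructed sample values, for illustration only.
existing = shadow_hash('xyz', 'abcdefgh')
puts idempotent_shadow_hash('xyz', existing) == existing    # same password: unchanged
puts idempotent_shadow_hash('changed', existing) == existing # new password: re-hashed
```

The value returned by `idempotent_shadow_hash` is what would be passed to the `password` property of the `user` resource.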