Open source Puppet documentation

NOTE: This page was generated from the Puppet source code on 2018-03-20 07:07:39 -0700

group

Description

Manage groups. On most platforms this can only create groups. Group membership must be managed on individual users.

On some platforms such as OS X, group membership is managed as an attribute of the group, not the user record. Providers must have the feature ‘manages_members’ to manage the ‘members’ property of a group record.

Attributes

group { 'resource title':
  name                 => # (namevar) The group name. While naming limitations vary by 
  ensure               => # Create or remove the group.  Default: `present`  
  allowdupe            => # Whether to allow duplicate GIDs. Defaults to...
  attribute_membership => # AIX only. Configures the behavior of the...
  attributes           => # Specify group AIX attributes, as an array of...
  auth_membership      => # Configures the behavior of the `members...
  forcelocal           => # Forces the management of local accounts when...
  gid                  => # The group ID.  Must be specified numerically....
  ia_load_module       => # The name of the I&A module to use to manage this 
  members              => # The members of the group. For platforms or...
  system               => # Whether the group is a system group with lower...
  # ...plus any applicable metaparameters.
}

name

(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)

The group name. While naming limitations vary by operating system, it is advisable to restrict names to the lowest common denominator, which is a maximum of 8 characters beginning with a letter.

Note that Puppet considers group names to be case-sensitive, regardless of the platform’s own rules; be sure to always use the same case when referring to a given group.


ensure

(Property: This attribute represents concrete state on the target system.)

Create or remove the group.

Default: present

Allowed values:

  • present
  • absent


allowdupe

Whether to allow duplicate GIDs. Defaults to false.

Default: false

Allowed values:

  • true
  • false
  • yes
  • no


attribute_membership

AIX only. Configures the behavior of the attributes parameter.

  • minimum (default) — The provided list of attributes is partial, and Puppet ignores any attributes that aren’t listed there.
  • inclusive — The provided list of attributes is comprehensive, and Puppet purges any attributes that aren’t listed there.

Default: minimum

Allowed values:

  • inclusive
  • minimum


attributes

(Property: This attribute represents concrete state on the target system.)

Specify group AIX attributes, as an array of 'key=value' strings. This parameter’s behavior can be configured with attribute_membership.


auth_membership

Configures the behavior of the members parameter.

  • false (default) — The provided list of group members is partial, and Puppet ignores any members that aren’t listed there.
  • true — The provided list of group members is comprehensive, and Puppet purges any members that aren’t listed there.

Default: false

Allowed values:

  • true
  • false
  • yes
  • no


forcelocal

Forces the management of local accounts when accounts are also being managed by some other NSS.

Default: false

Allowed values:

  • true
  • false
  • yes
  • no


gid

(Property: This attribute represents concrete state on the target system.)

The group ID. Must be specified numerically. If no group ID is specified when creating a new group, then one will be chosen automatically according to local system standards. This will likely result in the same group having different GIDs on different systems, which is not recommended.

On Windows, this property is read-only and will return the group’s security identifier (SID).


ia_load_module

The name of the I&A module to use to manage this user.


members

(Property: This attribute represents concrete state on the target system.)

The members of the group. This applies to platforms or directory services where group membership is stored in the group objects, not the users. This parameter’s behavior can be configured with auth_membership.
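
The following manifest is an added example, not taken from the Puppet source or its documentation. It contrasts the default partial membership with an authoritative list (auth_membership, members) and pins a GID so it stays consistent across nodes. The domain, account names, the 'auditors' group and GID 5001 are constructed placeholders, and the listed accounts are assumed to exist already.

```puppet
# Only providers with the manages_members feature can manage `members`.
case $facts['os']['name'] {
  'windows': {
    # Default behaviour (auth_membership => false): Puppet adds the listed
    # member if it is missing and leaves every other existing member alone.
    group { 'Backup Operators':
      ensure          => present,
      members         => ['EXAMPLE\svc_backup'],   # constructed account
      auth_membership => false,
    }

    # Authoritative list: any member not named here is purged on each run,
    # so out-of-band additions to a remote-access group do not persist.
    group { 'Remote Desktop Users':
      ensure          => present,
      members         => ['EXAMPLE\alice', 'EXAMPLE\helpdesk_rdp'],
      auth_membership => true,
    }
  }
  'FreeBSD': {
    # Pin the GID so file ownership maps to the same group on every node,
    # and refuse a GID that is already in use by another group.
    group { 'auditors':
      ensure          => present,
      gid             => 5001,                      # constructed value
      allowdupe       => false,
      members         => ['alice', 'bob'],          # constructed accounts
      auth_membership => true,
    }
  }
  default: {
    # Providers without manages_members: manage membership on the
    # individual user resources instead of on the group.
  }
}
```

Running the agent with --noop first shows which members an authoritative list would purge before anything is changed.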


system

Whether the group is a system group with lower GID.

Default: false

Allowed values:

  • true
  • false
  • yes
  • no


Providers

aix

Group management for AIX.

  • Required binaries: /usr/sbin/lsgroup, /usr/bin/mkgroup, /usr/sbin/rmgroup, /usr/bin/chgroup
  • Confined to: operatingsystem == aix
  • Default for: operatingsystem == aix

directoryservice

Group management using DirectoryService on OS X.

  • Required binaries: /usr/bin/dscl
  • Confined to: operatingsystem == darwin
  • Default for: operatingsystem == darwin

groupadd

Group management via groupadd and its ilk. The default for most platforms.

  • Required binaries: groupadd, groupdel, groupmod

ldap

Group management via LDAP.

This provider requires that you have valid values for all of the LDAP-related settings in puppet.conf, including ldapbase. You will almost definitely need settings for ldapuser and ldappassword in order for your clients to write to LDAP.

Note that this provider will automatically generate a GID for you if you do not specify one, but it is a potentially expensive operation, as it iterates across all existing groups to pick the appropriate next one.

  • Confined to: feature == ldap, false == (Puppet[:ldapuser] == "")

pw

Group management via pw on FreeBSD and DragonFly BSD.

  • Required binaries: pw
  • Confined to: operatingsystem == [:freebsd, :dragonfly]
  • Default for: operatingsystem == [:freebsd, :dragonfly]

windows_adsi

Local group management for Windows. Group members can be both users and groups. Additionally, local groups can contain domain users.

  • Confined to: operatingsystem == windows
  • Default for: operatingsystem == windows

Provider Features

Available features:

  • libuser — Allows local groups to be managed on systems that also use some other remote NSS method of managing accounts.
  • manages_aix_lam — The provider can manage AIX Loadable Authentication Module (LAM) system.
  • manages_members — For directories where membership is an attribute of groups not users.
  • system_groups — The provider allows you to create system groups with lower GIDs.

Provider support:

Provider          libuser  manages_aix_lam  manages_members  system_groups
aix                        X                X
directoryservice                            X
groupadd
ldap
pw                                          X
windows_adsi                                X
