Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to set password for user at run time in chef

How to set password for user creation in chef , at run time . instead of the encrypting mechanism using openssl and setting it in user resource in chef.

instead of the following method:

openssl passwd -1 "theplaintextpassword"
$1$JJsvHslV$szsCjVEroftprNn4JHtDi.

then setting it in user resource

user "random" do  
  supports :manage_home => true  
  comment "Random User"  
  uid 1234  
  gid "users"  
  home "/home/random"  
  shell "/bin/bash"  
  password "$1$JJsvHslV$szsCjVEroftprNn4JHtDi."  
end

Is there any alternative ..??

like image 645
Mohan Karthik Sanagapalli Avatar asked Apr 15 '14 11:04

Mohan Karthik Sanagapalli


2 Answers

You could try generating the password ciphertext using Ruby in your cookbook:

require 'digest/sha2'

password = "pass@123"
salt = rand(36**8).to_s(36)
shadow_hash = password.crypt("$6$" + salt)

After running this, shadow_hash contains the following string: $6$vf1ehwzs$VAxaPBAeXjvEMboee.xbJgMOXlCrJ.eJDPkqP.16fGyAqjq1IDkh0OpEXFRo1W04G7tl02YMQz7dKmGKLVaRd/

You can then use it in the user resource:

user "random" do  
  supports :manage_home => true  
  comment "Random User"  
  uid 1234  
  gid "users"  
  home "/home/random"  
  shell "/bin/bash"  
  password shadow_hash
end

From http://judepereira.com/blog/use-ruby-to-generate-your-shadow-password/

like image 78
Ellis Percival Avatar answered Oct 19 '22 05:10

Ellis Percival


I haven't come across exactly what you are looking for yet, but the openssl cookbook comes pretty close. With some tinkering you should be able to alter the method to accept string input then leveraging the unix-crypt library encrypt that string, or even just follow the pattern used in cookbook to make your own resource.

https://github.com/opscode-cookbooks/openssl

https://github.com/mogest/unix-crypt

like image 1
zarry Avatar answered Oct 19 '22 06:10

zarry