Remove a user from a group?


#1

Hello. I’m working with the “group” provider, and I can see how to add a user to a local group. However, I don’t see a clean way to remove a user from a group. My Google-fu has failed me. Can anybody shed some light on this? Thanks.

-Pete


#2

I was told quite awhile back, from Opscode people, that had been fixed.
I agree the docs have not been updated, and hopefully it really was fixed (and released for general use).

I’ll ask again.

Dan Rose

-----Original Message-----
From: Peter Loron [mailto:peterl@standingwave.org]
Sent: Friday, March 15, 2013 4:16 PM
To: chef@lists.opscode.com
Subject: [chef] Remove a user from a group?

Hello. I’m working with the “group” provider, and I can see how to add a user to a local group. However, I don’t see a clean way to remove a user from a group. My Google-fu has failed me. Can anybody shed some light on this? Thanks.

-Pete

******* CONFIDENTIALITY NOTICE *******

This e-mail message and all attachments transmitted with it may
contain legally privileged and confidential information intended
solely for the use of the addressee. If the reader of this message
is not the intended recipient, you are hereby notified that any
reading, dissemination, distribution, copying, or other use of this
message or its attachments is strictly prohibited. If you have
received this message in error, please notify the sender
immediately and delete this message from your system. Thank you.


#3

You can :manage the entire group and remove a user from the ‘members’ attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a user to a local group. However, I don’t see a clean way to remove a user from a group. My Google-fu has failed me. Can anybody shed some light on this? Thanks.

-Pete


#4

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing the ability to specify the complete set of users in a group, not the specific user to remove. If true, in order to remove a user from a group, I would need to know the list of all users in the group first, which I do not have. I could probably gin up a way to get that list, but it seems very broken to be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the “manage” and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the ‘members’ attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a user to a local group. However, I don’t see a clean way to remove a user from a group. My Google-fu has failed me. Can anybody shed some light on this? Thanks.

-Pete


#5

The actions: manage does not create the group, modify does. You can
use combinations of create/remove manage/modify to allow a number of
group configurations.

You can use the ruby ‘etc’ std-lib module to query information about a
group at compile time (or converge via ruby_block. Shame we don’t have
that delayed evaluation yet…)…

irb(main):001:0> require ‘etc’
=> true
irb(main):002:0> wheel = Etc.getgrnam “wheel”
=> #<struct Struct::Group name=“wheel”, passwd=“x”, gid=10, mem=[“root”, “aj”]>
irb(main):003:0> wheel.mem
=> [“root”, “aj”]

Cheers, HTH!

AJ

On 16 March 2013 12:10, Peter Loron peterl@standingwave.org wrote:

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing the
ability to specify the complete set of users in a group, not the specific
user to remove. If true, in order to remove a user from a group, I would
need to know the list of all users in the group first, which I do not have.
I could probably gin up a way to get that list, but it seems very broken to
be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the "manage"
and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the 'members’
attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a
user to a local group. However, I don’t see a clean way to remove a user
from a group. My Google-fu has failed me. Can anybody shed some light on
this? Thanks.

-Pete


#6

just to add, this information is also provided via ohai, hence accessible
from node object

as
node.etc.group.wheel.members
or
node[:etc][:group][:wheel][:members]

On Fri, Mar 15, 2013 at 4:19 PM, AJ Christensen aj@junglist.gen.nz wrote:

The actions: manage does not create the group, modify does. You can
use combinations of create/remove manage/modify to allow a number of
group configurations.

You can use the ruby ‘etc’ std-lib module to query information about a
group at compile time (or converge via ruby_block. Shame we don’t have
that delayed evaluation yet…)…

irb(main):001:0> require ‘etc’
=> true
irb(main):002:0> wheel = Etc.getgrnam “wheel”
=> #<struct Struct::Group name=“wheel”, passwd=“x”, gid=10, mem=[“root”,
“aj”]>
irb(main):003:0> wheel.mem
=> [“root”, “aj”]

Cheers, HTH!

AJ

On 16 March 2013 12:10, Peter Loron peterl@standingwave.org wrote:

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing
the
ability to specify the complete set of users in a group, not the specific
user to remove. If true, in order to remove a user from a group, I would
need to know the list of all users in the group first, which I do not
have.
I could probably gin up a way to get that list, but it seems very broken
to
be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the
"manage"
and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the 'members’
attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a
user to a local group. However, I don’t see a clean way to remove a user
from a group. My Google-fu has failed me. Can anybody shed some light on
this? Thanks.

-Pete


#7

Makes sense. :slight_smile:

–AJ

On 16 March 2013 12:47, Ranjib Dey dey.ranjib@gmail.com wrote:

just to add, this information is also provided via ohai, hence accessible
from node object

as
node.etc.group.wheel.members
or
node[:etc][:group][:wheel][:members]

On Fri, Mar 15, 2013 at 4:19 PM, AJ Christensen aj@junglist.gen.nz wrote:

The actions: manage does not create the group, modify does. You can
use combinations of create/remove manage/modify to allow a number of
group configurations.

You can use the ruby ‘etc’ std-lib module to query information about a
group at compile time (or converge via ruby_block. Shame we don’t have
that delayed evaluation yet…)…

irb(main):001:0> require ‘etc’
=> true
irb(main):002:0> wheel = Etc.getgrnam “wheel”
=> #<struct Struct::Group name=“wheel”, passwd=“x”, gid=10, mem=[“root”,
“aj”]>
irb(main):003:0> wheel.mem
=> [“root”, “aj”]

Cheers, HTH!

AJ

On 16 March 2013 12:10, Peter Loron peterl@standingwave.org wrote:

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing
the
ability to specify the complete set of users in a group, not the
specific
user to remove. If true, in order to remove a user from a group, I would
need to know the list of all users in the group first, which I do not
have.
I could probably gin up a way to get that list, but it seems very broken
to
be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the
"manage"
and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the 'members’
attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a
user to a local group. However, I don’t see a clean way to remove a user
from a group. My Google-fu has failed me. Can anybody shed some light on
this? Thanks.

-Pete


#8

This does not appear to be working on Windows 2008 R2 with Chef omnibus 11.2 and Ohai 6.16.0. The “etc” section in the output looks like this:

“etc”: {
“passwd”: {

},
"group": {

}

}

-Pete

On Mar 15, 2013, at 4:47 PM, Ranjib Dey dey.ranjib@gmail.com wrote:

just to add, this information is also provided via ohai, hence accessible from node object

as
node.etc.group.wheel.members
or
node[:etc][:group][:wheel][:members]

On Fri, Mar 15, 2013 at 4:19 PM, AJ Christensen aj@junglist.gen.nz wrote:
The actions: manage does not create the group, modify does. You can
use combinations of create/remove manage/modify to allow a number of
group configurations.

You can use the ruby ‘etc’ std-lib module to query information about a
group at compile time (or converge via ruby_block. Shame we don’t have
that delayed evaluation yet…)…

irb(main):001:0> require ‘etc’
=> true
irb(main):002:0> wheel = Etc.getgrnam “wheel”
=> #<struct Struct::Group name=“wheel”, passwd=“x”, gid=10, mem=[“root”, “aj”]>
irb(main):003:0> wheel.mem
=> [“root”, “aj”]

Cheers, HTH!

AJ

On 16 March 2013 12:10, Peter Loron peterl@standingwave.org wrote:

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing the
ability to specify the complete set of users in a group, not the specific
user to remove. If true, in order to remove a user from a group, I would
need to know the list of all users in the group first, which I do not have.
I could probably gin up a way to get that list, but it seems very broken to
be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the "manage"
and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the 'members’
attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a
user to a local group. However, I don’t see a clean way to remove a user
from a group. My Google-fu has failed me. Can anybody shed some light on
this? Thanks.

-Pete


#9

Unfortunately, this isn’t available on Windows, which is the platform I’m trying to do this with.

I guess I’ll either shell out to do the native commands. I’m probably not up to properly submitting patches to the group provider.

-Pete

On Mar 15, 2013, at 4:19 PM, AJ Christensen aj@junglist.gen.nz wrote:

The actions: manage does not create the group, modify does. You can
use combinations of create/remove manage/modify to allow a number of
group configurations.

You can use the ruby ‘etc’ std-lib module to query information about a
group at compile time (or converge via ruby_block. Shame we don’t have
that delayed evaluation yet…)…

irb(main):001:0> require ‘etc’
=> true
irb(main):002:0> wheel = Etc.getgrnam “wheel”
=> #<struct Struct::Group name=“wheel”, passwd=“x”, gid=10, mem=[“root”, “aj”]>
irb(main):003:0> wheel.mem
=> [“root”, “aj”]

Cheers, HTH!

AJ

On 16 March 2013 12:10, Peter Loron peterl@standingwave.org wrote:

Hi, AJ. From my reading of the group docs (URL below), I’m only seeing the
ability to specify the complete set of users in a group, not the specific
user to remove. If true, in order to remove a user from a group, I would
need to know the list of all users in the group first, which I do not have.
I could probably gin up a way to get that list, but it seems very broken to
be able to add a specific user, but not remove one…

Since I’m on the topic, is there any clarification between what the "manage"
and “modify” actions do?

http://docs.opscode.com/resource_group.html

-Pete

On Mar 15, 2013, at 3:41 PM, AJ Christensen aj@junglist.gen.nz wrote:

You can :manage the entire group and remove a user from the 'members’
attribute.

Cheers,

AJ

On 16 March 2013 10:15, Peter Loron peterl@standingwave.org wrote:

Hello. I’m working with the “group” provider, and I can see how to add a
user to a local group. However, I don’t see a clean way to remove a user
from a group. My Google-fu has failed me. Can anybody shed some light on
this? Thanks.

-Pete