salt.modules.linux_shadow¶
Manage the shadow file on Linux systems
Important
If you feel that Salt should be using this module to manage passwords on a minion, and it is using a different module (or gives an error similar to 'shadow.info' is not available), see here.
- salt.modules.linux_shadow.default_hash()¶
Returns the default hash used for unset passwords
CLI Example:
salt '*' shadow.default_hash
- salt.modules.linux_shadow.del_password(name, root=None)¶
New in version 2014.7.0.
Delete the password from name user
- name
User to delete
- root
Directory to chroot into
CLI Example:
salt '*' shadow.del_password username
- salt.modules.linux_shadow.gen_password(password, crypt_salt=None, algorithm='sha512')¶
New in version 2014.7.0.
Generate hashed password
Note
When called this function is called directly via remote-execution, the password argument may be displayed in the system's process list. This may be a security risk on certain systems.
- password
Plaintext password to be hashed.
- crypt_salt
Crpytographic salt. If not given, a random 8-character salt will be generated.
- algorithm
The following hash algorithms are supported:
md5
blowfish (not in mainline glibc, only available in distros that add it)
sha256
sha512 (default)
CLI Example:
salt '*' shadow.gen_password 'I_am_password' salt '*' shadow.gen_password 'I_am_password' crypt_salt='I_am_salt' algorithm=sha256
- salt.modules.linux_shadow.info(name, root=None)¶
Return information for the specified user
- name
User to get the information for
- root
Directory to chroot into
CLI Example:
salt '*' shadow.info root
- salt.modules.linux_shadow.list_users(root=None)¶
New in version 2018.3.0.
Return a list of all shadow users
- root
Directory to chroot into
CLI Example:
salt '*' shadow.list_users
- salt.modules.linux_shadow.lock_password(name, root=None)¶
New in version 2016.11.0.
Lock the password from specified user
- name
User to lock
- root
Directory to chroot into
CLI Example:
salt '*' shadow.lock_password username
- salt.modules.linux_shadow.set_date(name, date, root=None)¶
Sets the value for the date the password was last changed to days since the epoch (January 1, 1970). See man chage.
- name
User to modify
- date
Date the password was last changed
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_date username 0
- salt.modules.linux_shadow.set_expire(name, expire, root=None)¶
Changed in version 2014.7.0.
Sets the value for the date the account expires as days since the epoch (January 1, 1970). Using a value of -1 will clear expiration. See man chage.
- name
User to modify
- date
Date the account expires
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_expire username -1
- salt.modules.linux_shadow.set_inactdays(name, inactdays, root=None)¶
Set the number of days of inactivity after a password has expired before the account is locked. See man chage.
- name
User to modify
- inactdays
Set password inactive after this number of days
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_inactdays username 7
- salt.modules.linux_shadow.set_maxdays(name, maxdays, root=None)¶
Set the maximum number of days during which a password is valid. See man chage.
- name
User to modify
- maxdays
Maximum number of days during which a password is valid
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_maxdays username 90
- salt.modules.linux_shadow.set_mindays(name, mindays, root=None)¶
Set the minimum number of days between password changes. See man chage.
- name
User to modify
- mindays
Minimum number of days between password changes
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_mindays username 7
- salt.modules.linux_shadow.set_password(name, password, use_usermod=False, root=None)¶
Set the password for a named user. The password must be a properly defined hash. A password hash can be generated with
gen_password().- name
User to set the password
- password
Password already hashed
- use_usermod
Use usermod command to better compatibility
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'
- salt.modules.linux_shadow.set_warndays(name, warndays, root=None)¶
Set the number of days of warning before a password change is required. See man chage.
- name
User to modify
- warndays
Number of days of warning before a password change is required
- root
Directory to chroot into
CLI Example:
salt '*' shadow.set_warndays username 7
- salt.modules.linux_shadow.unlock_password(name, root=None)¶
New in version 2016.11.0.
Unlock the password from name user
- name
User to unlock
- root
Directory to chroot into
CLI Example:
salt '*' shadow.unlock_password username
