Chef Cookbook for Creating User

3
votes

I'd like to create a new user kevin with a password of kevin.

cookbooks/make_user/recipes/default.rb

user "kevin" do
  comment "default user"
  home "/home/kevin"
  shell "/bin/bash"
  password "kevin"
end

After provisioning my Vagrant box, I ssh'd onto the box. However, I was unable to su as the kevin user with a password of kevin.

[vagrant@vagrant-centos65 ~]$ su kevin
Password: 
su: incorrect password

Looking at the Chef 'users' docs, I'm not sure that password is the right attribute to modify.

password    The password shadow hash. This attribute requires that 
            ruby-shadow be installed. This is part of the Debian package: 
            libshadow-ruby1.8.

How can I modify my above cookbook so that I can su as kevin with the same password?

2
chef-infra

2 Answers

7
votes

As illustrated on the documentation: http://docs.opscode.com/resource_user.html#password-shadow-hash, you need to generate the shadow hash using OpenSSL:

openssl passwd -1 "theplaintextpassword"

Or if you use mkpasswd:

mkpasswd -m sha-512
3
votes

The documentation of the cookbook user resource describes how the "password" attribute is encrypted. It also described how to set the value using openssl: