group状态模块用于创建并管理UNIX组账号设置。
/usr/lib/python2.6/site-packages/salt/states/group.py
'''Management of user groups=========================The group module is used to create and manage unix group settings, groupscan be either present or absent:.. code-block:: yaml cheese: group.present: - gid: 7648 - system: True - addusers: - user1 - users2 - delusers: - foo cheese: group.present: - gid: 7648 - system: True - members: - foo - bar - user1 - user2'''
def present(name, gid=None, system=False, addusers=None, delusers=None, members=None): ''' Ensure that a group is present name The name of the group to manage gid The group id to assign to the named group; if left empty, then the next available group id will be assigned system Whether or not the named group is a system group. This is essentially the '-r' option of 'groupadd'. addusers List of additional users to be added as a group members. delusers Ensure these user are removed from the group membership. members Replace existing group members with a list of new members. Note: Options 'members' and 'addusers/delusers' are mutually exclusive and can not be used together. ''' ret = {'name': name, 'changes': {}, 'result': True, 'comment': 'Group {0} is present and up to date'.format(name)} if members and (addusers or delusers): ret['result'] = None ret['comment'] = ( 'Error: Conflicting options "members" with "addusers" and/or' ' "delusers" can not be used together. ') return ret if addusers and delusers: #-- if trying to add and delete the same user(s) at the same time. if not set(addusers).isdisjoint(set(delusers)): ret['result'] = None ret['comment'] = ( 'Error. Same user(s) can not be added and deleted' ' simultaneously') return ret changes = _changes(name, gid, addusers, delusers, members) if changes: ret['comment'] = ( 'The following group attributes are set to be changed:\n') for key, val in changes.items(): ret['comment'] += '{0}: {1}\n'.format(key, val) if __opts__['test']: ret['result'] = None return ret for key, val in changes.items(): if key == 'gid': __salt__['group.chgid'](name, gid) continue if key == 'addusers': for user in val: __salt__['group.adduser'](name, user) continue if key == 'delusers': for user in val: __salt__['group.deluser'](name, user) continue if key == 'members': __salt__['group.members'](name, ','.join(members)) continue # Clear cached group data sys.modules[ __salt__['test.ping'].__module__ ].__context__.pop('group.getent', None) changes = _changes(name, gid, addusers, delusers, members) if changes: ret['result'] = False ret['comment'] += 'Some changes could not be applied' ret['changes'] = {'Failed': changes} else: ret['changes'] = {'Final': 'All Changed applied successfully'} if changes is False: # The group is not present, make it! if __opts__['test']: ret['result'] = None ret['comment'] = 'Group {0} set to be added'.format(name) return ret grps = __salt__['group.getent']() # Test if gid is free if gid is not None: gid_group = None for lgrp in grps: if lgrp['gid'] == gid: gid_group = lgrp['name'] break if gid_group is not None: ret['result'] = False ret['comment'] = ( 'Group {0} is not present but gid {1} is already taken by' ' group {2}'.format(name, gid, gid_group)) return ret # Group is not present, make it. if __salt__['group.add'](name, gid, system=system): # if members to be added grp_members = None if members: grp_members = ','.join(members) if addusers: grp_members = ','.join(addusers) if grp_members: __salt__['group.members'](name, grp_members) # Clear cached group data sys.modules[__salt__['test.ping'].__module__].__context__.pop( 'group.getent', None) ret['comment'] = 'New group {0} created'.format(name) ret['changes'] = __salt__['group.info'](name) changes = _changes(name, gid, addusers, delusers, members) if changes: ret['result'] = False ret['comment'] = ( 'Group {0} has been created but, some changes could not' ' be applied') ret['changes'] = {'Failed': changes} else: ret['result'] = False ret['comment'] = 'Failed to create new group {0}'.format(name) return ret