Resource Type: group
This version of Puppet is not included in Puppet Enterprise. The latest version of PE includes Puppet 4.10. A newer version is available; see the version menu above for details.
NOTE: This page was generated from the Puppet source code on 2016-01-27 14:24:39 +0000
group
Description
Manage groups. On most platforms this can only create groups. Group membership must be managed on individual users.
On some platforms such as OS X, group membership is managed as an attribute of the group, not the user record. Providers must have the feature ‘manages_members’ to manage the ‘members’ property of a group record.
Attributes
group { 'resource title':
name => # (namevar) The group name. While naming limitations vary by
ensure => # Create or remove the group. Valid values are...
allowdupe => # Whether to allow duplicate GIDs. Defaults to...
attribute_membership => # Whether specified attribute value pairs should...
attributes => # Specify group AIX attributes in an array of...
auth_membership => # whether the provider is authoritative for group...
forcelocal => # Forces the management of local accounts when...
gid => # The group ID. Must be specified numerically....
ia_load_module => # The name of the I&A module to use to manage this
members => # The members of the group. For directory services
provider => # The specific backend to use for this `group...
system => # Whether the group is a system group with lower...
# ...plus any applicable metaparameters.
}name
(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
The group name. While naming limitations vary by operating system, it is advisable to restrict names to the lowest common denominator, which is a maximum of 8 characters beginning with a letter.
Note that Puppet considers group names to be case-sensitive, regardless of the platform’s own rules; be sure to always use the same case when referring to a given group.
ensure
(Property: This attribute represents concrete state on the target system.)
Create or remove the group.
Valid values are present, absent.
allowdupe
Whether to allow duplicate GIDs. Defaults to false.
Valid values are true, false, yes, no.
attribute_membership
Whether specified attribute value pairs should be treated as the only attributes of the user or whether they should merely be treated as the minimum list.
Valid values are inclusive, minimum.
attributes
(Property: This attribute represents concrete state on the target system.)
Specify group AIX attributes in an array of key=value pairs.
Requires features manages_aix_lam.
auth_membership
whether the provider is authoritative for group membership.
Valid values are true, false, yes, no.
forcelocal
Forces the management of local accounts when accounts are also being managed by some other NSS
Valid values are true, false, yes, no.
Requires features libuser.
gid
(Property: This attribute represents concrete state on the target system.)
The group ID. Must be specified numerically. If no group ID is specified when creating a new group, then one will be chosen automatically according to local system standards. This will likely result in the same group having different GIDs on different systems, which is not recommended.
On Windows, this property is read-only and will return the group’s security identifier (SID).
ia_load_module
The name of the I&A module to use to manage this user
Requires features manages_aix_lam.
members
(Property: This attribute represents concrete state on the target system.)
The members of the group. For directory services where group membership is stored in the group objects, not the users.
Requires features manages_members.
provider
The specific backend to use for this group
resource. You will seldom need to specify this — Puppet will usually
discover the appropriate provider for your platform.
Available providers are:
system
Whether the group is a system group with lower GID.
Valid values are true, false, yes, no.
Providers
aix
Group management for AIX.
- Required binaries:
/usr/bin/chgroup,/usr/bin/mkgroup,/usr/sbin/lsgroup,/usr/sbin/rmgroup. - Default for
operatingsystem==aix. - Supported features:
manages_aix_lam,manages_members.
directoryservice
Group management using DirectoryService on OS X.
- Required binaries:
/usr/bin/dscl. - Default for
operatingsystem==darwin. - Supported features:
manages_members.
groupadd
Group management via groupadd and its ilk. The default for most platforms.
- Required binaries:
groupadd,groupdel,groupmod,lgroupadd. - Supported features:
system_groups.
ldap
Group management via LDAP.
This provider requires that you have valid values for all of the
LDAP-related settings in puppet.conf, including ldapbase. You will
almost definitely need settings for ldapuser and ldappassword in order
for your clients to write to LDAP.
Note that this provider will automatically generate a GID for you if you do not specify one, but it is a potentially expensive operation, as it iterates across all existing groups to pick the appropriate next one.
pw
Group management via pw on FreeBSD and DragonFly BSD.
- Required binaries:
pw. - Default for
operatingsystem==freebsd, dragonfly. - Supported features:
manages_members.
windows_adsi
Local group management for Windows. Group members can be both users and groups. Additionally, local groups can contain domain users.
- Default for
operatingsystem==windows. - Supported features:
manages_members.
Provider Features
Available features:
libuser— Allows local groups to be managed on systems that also use some other remote NSS method of managing accounts.manages_aix_lam— The provider can manage AIX Loadable Authentication Module (LAM) system.manages_members— For directories where membership is an attribute of groups not users.system_groups— The provider allows you to create system groups with lower GIDs.
Provider support:
| Provider | libuser | manages aix lam | manages members | system groups |
|---|---|---|---|---|
| aix | X | X | ||
| directoryservice | X | |||
| groupadd | X | X | ||
| ldap | ||||
| pw | X | |||
| windows_adsi | X |
NOTE: This page was generated from the Puppet source code on 2016-01-27 14:24:39 +0000